Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-05 | CVE-2007-4476 | Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | 7.5 |
| 2007-09-04 | CVE-2007-4657 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. | 7.5 |
| 2007-07-05 | CVE-2007-2839 | Local Arbitrary Command Execution vulnerability in Debian Gfax 0.4.2 gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors. | 7.2 |
| 2007-07-03 | CVE-2007-2838 | Unspecified vulnerability in Gsambad 0.1.4 The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file. | 7.2 |
| 2007-06-26 | CVE-2007-2443 | Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | 8.3 |
| 2007-06-26 | CVE-2007-3409 | Uncontrolled Recursion vulnerability in multiple products Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | 7.5 |
| 2007-06-21 | CVE-2007-2833 | Remote Denial of Service vulnerability in GNU Emacs Image Processing Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | 7.8 |
| 2007-05-14 | CVE-2007-2444 | Improper Privilege Management vulnerability in multiple products Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. | 7.2 |
| 2007-05-09 | CVE-2007-1864 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. | 7.5 |
| 2007-05-02 | CVE-2007-1320 | Out-Of-Bounds Write vulnerability in multiple products Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. | 7.2 |