Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2007-09-05 CVE-2007-4476 Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
network
low complexity
gnu debian canonical
7.5
2007-09-04 CVE-2007-4657 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read.
network
low complexity
php debian canonical CWE-119
7.5
2007-07-05 CVE-2007-2839 Local Arbitrary Command Execution vulnerability in Debian Gfax 0.4.2
gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.
local
low complexity
debian
7.2
2007-07-03 CVE-2007-2838 Unspecified vulnerability in Gsambad 0.1.4
The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file.
local
low complexity
debian gsambad
7.2
2007-06-26 CVE-2007-2443 Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
low complexity
mit debian canonical
8.3
2007-06-26 CVE-2007-3409 Uncontrolled Recursion vulnerability in multiple products
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
network
low complexity
net-dns debian canonical CWE-674
7.5
2007-06-21 CVE-2007-2833 Remote Denial of Service vulnerability in GNU Emacs Image Processing
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
network
low complexity
debian mandrakesoft gnu
7.8
2007-05-14 CVE-2007-2444 Improper Privilege Management vulnerability in multiple products
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
local
low complexity
samba debian canonical CWE-269
7.2
2007-05-09 CVE-2007-1864 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
network
low complexity
php debian canonical redhat CWE-119
7.5
2007-05-02 CVE-2007-1320 Out-Of-Bounds Write vulnerability in multiple products
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
local
low complexity
qemu fedoraproject opensuse debian CWE-787
7.2