Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2007-04-30 CVE-2007-2029 Resource Management Errors vulnerability in Clam Anti-Virus Clamav 0.84Rc2
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
network
low complexity
debian clam-anti-virus CWE-399
7.8
2007-04-06 CVE-2007-1887 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
network
low complexity
php canonical debian CWE-120
7.5
2007-03-02 CVE-2006-7094 Remote Security vulnerability in Ftpd
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
network
gentoo ftpd debian
8.5
2007-02-16 CVE-2007-0897 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
network
low complexity
clamav apple debian CWE-772
7.5
2007-02-06 CVE-2007-0454 USE of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
network
low complexity
samba debian mandrakesoft CWE-134
7.5
2006-12-12 CVE-2006-5873 Denial of Service vulnerability in L2TPNS Heartbeat Handling
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.
network
low complexity
l2tpns debian
7.8
2006-10-10 CVE-2006-5170 Improper Handling of Exceptional Conditions vulnerability in multiple products
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
network
low complexity
redhat fedoraproject debian CWE-755
7.5
2006-09-27 CVE-2006-5051 Double Free vulnerability in multiple products
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
network
high complexity
openbsd debian apple CWE-415
8.1
2006-04-14 CVE-2006-1724 Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
network
low complexity
mozilla debian
7.5
2006-04-14 CVE-2006-1531 Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML.
network
low complexity
mozilla debian
7.5