Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 9011 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4772 4 Canonical, Debian, Postgresql and 1 more 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more 2024-11-21 4.0 MEDIUM N/A
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
CVE-2007-4739 1 Debian 1 Reprepro 2024-11-21 5.0 MEDIUM N/A
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
CVE-2007-4657 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2024-11-21 7.5 HIGH N/A
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
CVE-2007-4476 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Tar 2024-11-21 7.5 HIGH N/A
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
CVE-2007-3998 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2024-11-21 5.0 MEDIUM N/A
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
CVE-2007-3919 2 Debian, Xensource Inc 2 Debian Linux, Xen 2024-11-21 6.0 MEDIUM N/A
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
CVE-2007-3912 1 Debian 1 Debian-goodies 2024-11-21 7.2 HIGH N/A
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
CVE-2007-3798 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Mac Os X Server, Ubuntu Linux and 4 more 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
CVE-2007-3409 3 Canonical, Debian, Net-dns 3 Ubuntu Linux, Debian Linux, Net\ 2024-11-21 4.3 MEDIUM 7.5 HIGH
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
CVE-2007-3387 6 Apple, Canonical, Debian and 3 more 6 Cups, Ubuntu Linux, Debian Linux and 3 more 2024-11-21 6.8 MEDIUM N/A
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
CVE-2007-3278 2 Debian, Postgresql 2 Debian Linux, Postgresql 2024-11-21 6.9 MEDIUM N/A
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
CVE-2007-2875 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 2.1 LOW N/A
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
CVE-2007-2839 1 Debian 1 Gfax 2024-11-21 7.2 HIGH N/A
gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.
CVE-2007-2838 2 Debian, Gsambad 2 Debian Linux, Gsambad 2024-11-21 7.2 HIGH N/A
The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file.
CVE-2007-2837 2 Debian, Fireflier 2 Debian Linux, Fireflier 2024-11-21 3.6 LOW N/A
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
CVE-2007-2835 2 Debian, Unicon-imc2 2 Debian Linux, Unicon-imc2 2024-11-21 6.8 MEDIUM N/A
Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.
CVE-2007-2834 4 Apache, Canonical, Debian and 1 more 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more 2024-11-21 9.3 HIGH N/A
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
CVE-2007-2833 3 Debian, Gnu, Mandrakesoft 4 Debian Linux, Emacs, Mandrake Linux and 1 more 2024-11-21 7.8 HIGH N/A
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
CVE-2007-2798 3 Canonical, Debian, Mit 3 Ubuntu Linux, Debian Linux, Kerberos 5 2024-11-21 9.0 HIGH N/A
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
CVE-2007-2797 3 Debian, Redhat, Xterm 3 Debian Linux, Enterprise Linux, Xterm 2024-11-21 2.1 LOW N/A
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.