Debian

Debian Linux

9140 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2007-6415

Exploit
  • EPSS 1.2%
  • Published 25.01.2008 00:00:00
  • Last modified 09.04.2025 00:30:58

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

9.3

CVE-2007-6427

  • EPSS 3.74%
  • Published 18.01.2008 23:00:00
  • Last modified 09.04.2025 00:30:58

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

5

CVE-2007-6284

  • EPSS 5.56%
  • Published 12.01.2008 02:46:00
  • Last modified 09.04.2025 00:30:58

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

7.5

CVE-2008-0226

  • EPSS 91.94%
  • Published 10.01.2008 23:46:00
  • Last modified 09.04.2025 00:30:58

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass...

4

CVE-2007-4772

Exploit
  • EPSS 1.18%
  • Published 09.01.2008 21:46:00
  • Last modified 09.04.2025 00:30:58

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted reg...

7.2

CVE-2007-6601

  • EPSS 0.34%
  • Published 09.01.2008 21:46:00
  • Last modified 09.04.2025 00:30:58

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. N...

4.3

CVE-2007-6599

  • EPSS 1.35%
  • Published 04.01.2008 02:46:00
  • Last modified 09.04.2025 00:30:58

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the Giv...

7.5

CVE-2007-6353

  • EPSS 2.34%
  • Published 20.12.2007 01:46:00
  • Last modified 09.04.2025 00:30:58

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

2.1

CVE-2007-6418

  • EPSS 0.05%
  • Published 18.12.2007 00:46:00
  • Last modified 09.04.2025 00:30:58

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

2.1

CVE-2007-6206

  • EPSS 0.08%
  • Published 04.12.2007 00:46:00
  • Last modified 09.04.2025 00:30:58

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might ...