Debian

Debian Linux

9997 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 6.29%
  • Veröffentlicht 18.04.2008 17:05:00
  • Zuletzt bearbeitet 16.06.2026 22:52:41

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when asse...

Exploit
  • EPSS 22.62%
  • Veröffentlicht 10.04.2008 19:05:00
  • Zuletzt bearbeitet 16.06.2026 22:52:21

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

  • EPSS 0.3%
  • Veröffentlicht 31.03.2008 22:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:59

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

  • EPSS 3.37%
  • Veröffentlicht 27.03.2008 23:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:55

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a...

  • EPSS 10.14%
  • Veröffentlicht 19.03.2008 10:44:00
  • Zuletzt bearbeitet 16.06.2026 22:48:51

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer derefe...

  • EPSS 3.48%
  • Veröffentlicht 19.03.2008 10:44:00
  • Zuletzt bearbeitet 16.06.2026 22:48:51

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

  • EPSS 6.29%
  • Veröffentlicht 17.03.2008 21:44:00
  • Zuletzt bearbeitet 16.06.2026 22:50:32

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a ...

Exploit
  • EPSS 3.67%
  • Veröffentlicht 25.01.2008 00:00:00
  • Zuletzt bearbeitet 16.06.2026 22:48:01

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

  • EPSS 4.28%
  • Veröffentlicht 18.01.2008 23:00:00
  • Zuletzt bearbeitet 16.06.2026 22:48:03

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

  • EPSS 2.57%
  • Veröffentlicht 12.01.2008 02:46:00
  • Zuletzt bearbeitet 16.06.2026 22:47:44

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.