Debian: >> Debian Linux >> 4.0 Security Vulnerabilities
The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
CVSS Score
7.2
EPSS Score
0.003
Published
2008-01-09
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
CVSS Score
4.3
EPSS Score
0.013
Published
2008-01-04
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.023
Published
2007-12-20
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
CVSS Score
2.1
EPSS Score
0.001
Published
2007-12-18
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-12-04
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
CVSS Score
2.1
EPSS Score
0.001
Published
2007-12-04
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
CVSS Score
6.5
EPSS Score
0.004
Published
2007-11-30
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
CVSS Score
7.5
EPSS Score
0.114
Published
2007-11-07
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
CVSS Score
2.1
EPSS Score
0.001
Published
2007-11-05
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
CVSS Score
6.3
EPSS Score
0.014
Published
2007-11-02