Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-03-27 | CVE-2008-1531 | Denial of Service vulnerability in Lighttpd SSL Error | The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. | 4.3 |
2008-03-04 | CVE-2008-0931 | Permissions, Privileges, and Access Controls vulnerability in Xwine 1.0.1 | w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | 6.3 |
2008-02-19 | CVE-2008-0807 | Permissions, Privileges, and Access Controls vulnerability in Horde products | lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book. | 4.9 |
2008-01-09 | CVE-2007-4772 | Resource Management Errors vulnerability in multiple products | The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. | 4.0 |
2008-01-04 | CVE-2007-6599 | Race Condition vulnerability in multiple products | Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. | 4.3 |
2007-12-04 | CVE-2007-6220 | Numeric Errors vulnerability in Typespeed | typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error. | 5.0 |
2007-11-30 | CVE-2007-6170 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. | 6.5 |
2007-11-02 | CVE-2007-5795 | Local Variable Handling Code Execution vulnerability in GNU Emacs | The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | 6.3 |
2007-10-30 | CVE-2007-5718 | Link Following vulnerability in Vobcopy 0.5.14 | vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file. | 4.9 |
2007-10-28 | CVE-2007-3919 | Link Following vulnerability in Xensource INC XEN 3.0.301/3.0.303 | (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | 6.0 |