Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-04 | CVE-2007-5193 | Information Disclosure vulnerability in Twiki 4.1.2: The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied. | 5.0 |
2007-09-04 | CVE-2007-3998 | Improper Input Validation vulnerability in multiple products: The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. | 5.0 |
2007-07-03 | CVE-2007-2835 | Buffer Overflow vulnerability in Unicon-Imc2 3.0.4: Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable. | 6.8 |
2007-06-27 | CVE-2007-1665 | Remote Denial of Service vulnerability in EKG 20050411: Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. | 5.0 |
2007-06-27 | CVE-2007-1664 | Remote Denial of Service vulnerability in EKG 20050411: ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality. | 5.0 |
2007-06-27 | CVE-2007-1663 | Remote Denial of Service vulnerability in EKG 20050411: Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. | 5.0 |
2007-05-16 | CVE-2007-2691 | MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | 4.9 |
2007-05-14 | CVE-2007-2650 | Resource Exhaustion vulnerability in multiple products: The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. | 4.3 |
2007-05-11 | CVE-2007-0244 | Denial Of Service vulnerability in PopTop PPTP Server GRE Packet: pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. | 5.0 |
2007-05-10 | CVE-2007-2583 | The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. | 4.0 |