Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-11-02 CVE-2007-5795 Local Variable Handling Code Execution vulnerability in GNU Emacs
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
local
debian gnu
6.3
2007-10-30 CVE-2007-5718 Link Following vulnerability in Vobcopy 0.5.14
vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.
local
low complexity
debian vobcopy CWE-59
4.9
2007-10-28 CVE-2007-3919 Link Following vulnerability in Xensource INC XEN 3.0.301/3.0.303
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
6.0
2007-10-04 CVE-2007-5193 Information Disclosure vulnerability in Twiki 4.1.2
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.
network
low complexity
debian twiki
5.0
2007-09-04 CVE-2007-3998 Improper Input Validation vulnerability in multiple products
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
network
low complexity
php debian canonical CWE-20
5.0
2007-07-03 CVE-2007-2835 Buffer Overflow vulnerability in Unicon-Imc2 3.0.4
Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.
local
low complexity
debian unicon-imc2
6.8
2007-06-27 CVE-2007-1665 Remote Denial of Service vulnerability in EKG 20050411
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
network
low complexity
debian ekg
5.0
2007-06-27 CVE-2007-1664 Remote Denial of Service vulnerability in EKG 20050411
ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.
network
low complexity
debian ekg
5.0
2007-06-27 CVE-2007-1663 Remote Denial of Service vulnerability in EKG 20050411
Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
network
low complexity
debian ekg
5.0
2007-05-16 CVE-2007-2691
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
4.9