Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-31 | CVE-2008-1567 | Cleartext Storage of Sensitive Information vulnerability in multiple products: phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | 5.5 |
2008-03-27 | CVE-2008-1531 | Denial of Service vulnerability in Lighttpd SSL Error: The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. | 4.3 |
2008-03-19 | CVE-2008-0063 | Use of Uninitialized Resource vulnerability in multiple products: The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | 7.5 |
2008-03-19 | CVE-2008-0062 | Improper Initialization vulnerability in multiple products: KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | 9.8 |
2008-03-04 | CVE-2008-0931 | Permissions, Privileges, and Access Controls vulnerability in Xwine 1.0.1: w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | 6.3 |
2008-03-04 | CVE-2008-0930 | Link Following vulnerability in Freshmeat Xwine 1.0.1: w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. | 7.2 |
2008-02-25 | CVE-2008-0932 | Improper Input Validation vulnerability in the Sword Project Diatheke Front END and Sword: diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. | 7.5 |
2008-02-22 | CVE-2008-0162 | Permissions, Privileges, and Access Controls vulnerability in SAM Lantinga Splitvt: misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. | 7.2 |
2008-02-19 | CVE-2008-0807 | Permissions, Privileges, and Access Controls vulnerability in Horde products: lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book. | 4.9 |
2008-01-25 | CVE-2007-6415 | Code Injection vulnerability in Debian Linux 3.1/4.0: scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options. | 8.5 |