Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2008-03-31 CVE-2008-1567 Cleartext Storage of Sensitive Information vulnerability in multiple products
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
5.5
2008-03-27 CVE-2008-1531 Denial of Service vulnerability in Lighttpd SSL Error
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
network
lighttpd debian
4.3
2008-03-19 CVE-2008-0063 Use of Uninitialized Resource vulnerability in multiple products
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
7.5
2008-03-19 CVE-2008-0062 Improper Initialization vulnerability in multiple products
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
network
low complexity
mit debian canonical fedoraproject CWE-665
critical
9.8
2008-03-04 CVE-2008-0931 Permissions, Privileges, and Access Controls vulnerability in Xwine 1.0.1
w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.
6.3
2008-03-04 CVE-2008-0930 Link Following vulnerability in Freshmeat Xwine 1.0.1
w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file.
local
low complexity
debian freshmeat CWE-59
7.2
2008-02-25 CVE-2008-0932 Improper Input Validation vulnerability in the Sword Project Diatheke Front END and Sword
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.
network
low complexity
debian redhat the-sword-project CWE-20
7.5
2008-02-22 CVE-2008-0162 Permissions, Privileges, and Access Controls vulnerability in SAM Lantinga Splitvt
misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.
local
low complexity
debian sam-lantinga CWE-264
7.2
2008-02-19 CVE-2008-0807 Permissions, Privileges, and Access Controls vulnerability in Horde products
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
network
debian horde CWE-264
4.9
2008-01-25 CVE-2007-6415 Code Injection vulnerability in Debian Linux 3.1/4.0
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
network
low complexity
debian CWE-94
8.5