Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-15 | CVE-2006-1244 | Multiple Unspecified vulnerability in XPDF Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. | 7.6 |
2006-02-18 | CVE-2006-0042 | Denial of Service vulnerability in Apache Libapreq2 Quadratic Behavior Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. | 5.0 |
2005-12-31 | CVE-2005-4728 | Local Code Execution vulnerability in Debian Amaya 9.2.1.6 Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory. | 4.6 |
2005-12-31 | CVE-2005-4536 | Unspecified vulnerability in Debian Libmail-Audit-Perl 2.15 Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file. | 2.1 |
2005-12-31 | CVE-2005-4347 | Unspecified vulnerability in Debian Linux and Kernel-Patch-Vserver The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver. | 5.0 |
2005-12-31 | CVE-2005-3626 | Resource Management Errors vulnerability in multiple products Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. network low complexity easy-software-products kde libextractor poppler sgi tetex xpdf conectiva debian gentoo mandrakesoft redhat sco slackware suse trustix turbolinux ubuntu CWE-399 | 5.0 |
2005-12-31 | CVE-2005-3625 | Resource Management Errors vulnerability in multiple products Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." network low complexity easy-software-products kde libextractor poppler sgi tetex xpdf conectiva debian gentoo mandrakesoft redhat sco slackware suse trustix turbolinux ubuntu CWE-399 critical | 10.0 |
2005-12-31 | CVE-2005-3624 | Numeric Errors vulnerability in multiple products The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. network low complexity easy-software-products kde libextractor poppler sgi tetex xpdf conectiva debian gentoo mandrakesoft redhat sco slackware suse trustix turbolinux ubuntu CWE-189 | 5.0 |
2005-12-12 | CVE-2005-4178 | Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. | 6.5 |
2005-11-30 | CVE-2005-3912 | Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. | 7.5 |