Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2005-08-23 CVE-2005-2459 Null Pointer Dereference vulnerability in multiple products
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.
network
low complexity
linux debian CWE-476
5.0
2005-08-05 CVE-2005-1854 Remote Command Execution vulnerability in Debian Apt-Cacher 0.9.4/0.9.9
Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.
network
low complexity
debian
7.5
2005-08-04 CVE-2005-2456 Improper Locking vulnerability in multiple products
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
local
low complexity
linux debian CWE-667
5.5
2005-07-26 CVE-2005-1920 Improper Preservation of Permissions vulnerability in multiple products
The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
network
low complexity
kde debian CWE-281
7.5
2005-07-18 CVE-2005-1689 Double Free vulnerability in multiple products
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
network
low complexity
mit apple debian CWE-415
critical
9.8
2005-07-11 CVE-2005-2214 Unspecified vulnerability in Debian Apt-Setup
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
local
low complexity
debian
4.6
2005-07-06 CVE-2005-1916 Link Following vulnerability in multiple products
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
local
low complexity
ekg-project debian CWE-59
5.5
2005-05-25 CVE-2005-1152 Unspecified vulnerability in Debian Qpopper 4.0.4/4.0.5
popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.
local
low complexity
debian
2.1
2005-05-25 CVE-2005-1151 Unspecified vulnerability in Debian Qpopper 4.0.4/4.0.5
qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.
local
low complexity
debian
7.2
2005-05-19 CVE-2005-1260 Resource Exhaustion vulnerability in multiple products
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a. "decompression bomb").
network
low complexity
bzip canonical debian apple CWE-400
5.0