Vulnerabilities > Debian > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2006-04-14 | CVE-2006-1530 | | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. | network | low | mozilla, debian | | 7.5 |
| 2006-04-13 | CVE-2006-1772 | Local Database Administrator Password Disclosure vulnerability in Debian Linux 3.1 | debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password. | local | low | debian | | 7.2 |
| 2006-03-15 | CVE-2006-1244 | Multiple Unspecified vulnerability in XPDF | Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. | network | high | gnome, libextractor, xpdf, debian | | 7.6 |
| 2005-11-30 | CVE-2005-3912 | | Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. | network | low | webmin, debian | | 7.5 |
| 2005-10-27 | CVE-2005-3323 | | docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. | network | low | zope, debian | | 7.5 |
| 2005-08-05 | CVE-2005-1854 | Remote Command Execution vulnerability in Debian Apt-Cacher 0.9.4/0.9.9 | Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server. | network | low | debian | | 7.5 |
| 2005-07-26 | CVE-2005-1920 | Improper Preservation of Permissions vulnerability in multiple products | The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | network | low | kde, debian | CWE-281 | 7.5 |
| 2005-05-25 | CVE-2005-1151 | Unspecified vulnerability in Debian Qpopper 4.0.4/4.0.5 | qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. | local | low | debian | | 7.2 |
| 2005-05-19 | CVE-2005-0392 | Local Privilege Escalation vulnerability in PPXP | ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | local | low | debian | | 7.2 |
| 2005-05-02 | CVE-2005-0211 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. | network | low | squid-cache, debian | CWE-119 | 7.5 |