Debian/specific
- ------------------------------------------------------------------------
Package : openssl
Vulnerability : predictable random number generator
Problem type : remote
Debian-specific: yes
CVE Id(s) : CVE-2008-0166
Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
- -------------------------------------------------------------------------
Package : acpid
Vulnerability : several
Problem type : remote
Debian-specific: partly
CVE ID : CVE-2011-1159 CVE-2011-2777 CVE-2011-4578
Multiple vulnerabilities were found in acpid, the Advanced
Configuration and Power Interface event daemon:
- ------------------------------------------------------------------------
Package : network-manager/network-manager-applet
Vulnerability : information disclosure
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-0365
Debian Bug : 519801
It was discovered that network-manager-applet, a network management
framework, lacks some dbus restriction rules, which allows local users
- ------------------------------------------------------------------------
Package : xulrunner
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies
- ------------------------------------------------------------------------
Package : transmission
Vulnerability : directory traversal
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-0012
Dan Rosenberg discovered that Transmission, a lightweight client for
the Bittorrent filesharing protocol, performs insufficient sanitising
of file names specified in .torrent files. This could lead to the
- ------------------------------------------------------------------------
Package : php5
Vulnerability : DoS (crash)
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0397
Debian Bug : 573573
Auke van Slooten discovered that PHP 5, a hypertext preprocessor,
crashes (because of a NULL pointer dereference) when processing invalid
- ------------------------------------------------------------------------
Package : sendmail
Vulnerability : insufficient input validation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-4565
Debian bug : 564581
It was discovered that sendmail, a Mail Transport Agent, does not properly handle
a '\0' character in a Common Name (CN) field of an X.509 certificate.
- ------------------------------------------------------------------------
Package : wireshark
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-4337 CVE-2010-0304
Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to the execution of arbitrary
code or denial of service. The Common Vulnerabilities and Exposures
- ------------------------------------------------------------------------
Package : krb5
Vulnerability : use-after-free
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-0629
Debian Bug : 567052
Sol Jerome discovered that the kadmind service in krb5, a system for authenticating
- ------------------------------------------------------------------------
Package : mysql-dfsg-5.0
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-4019 CVE-2009-4030 CVE-2009-4484
Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
- ------------------------------------------------------------------------
Package : kdm (kdebase)
Vulnerability : race condition
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-0436
Sebastian Krahmer discovered that a race condition in the KDE Desktop
Environment's KDM display manager allows a local user to elevate privileges
to root.
- ------------------------------------------------------------------------
Package : phpmyadmin
Vulnerability : several
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-7251 CVE-2008-7252 CVE-2009-4605
Several vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:
- ------------------------------------------------------------------------
Package : pidgin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0420 CVE-2010-0423
Debian Bug : 566775
Several remote vulnerabilities have been discovered in Pidgin, a multi
protocol instant messaging client. The Common Vulnerabilities and
- ------------------------------------------------------------------------
Packages : qt4-x11
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713
CVE-2009-1725 CVE-2009-2700
Debian Bugs : 532718 534946 538347 545793
- ------------------------------------------------------------------------
Packages : fuse
Vulnerability : denial of service
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-3297
Debian Bug : 567633
Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace.
A local attacker, with access to use FUSE, could unmount arbitrary
- ------------------------------------------------------------------------
Package : kvm
Vulnerability : privilege escalation/denial of service
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-0298 CVE-2010-0306 CVE-2010-0309 CVE-2010-0419
Several local vulnerabilities have been discovered in kvm, a full
virtualization system. The Common Vulnerabilities and Exposures project
identifies the following problems:
- ------------------------------------------------------------------------
Package : pango1.0
Vulnerability : missing input sanitization
Problem type : local
Debian-specific: no
CVE Id : CVE-2010-0421
Debian Bug : 574021
Marc Schoenefeld discovered an improper input sanitization in Pango, a library
- --------------------------------------------------------------------------
Package : ikiwiki
Vulnerability : insufficient input sanitization
Problem type : local/remote
Debian-specific: no
Debian bug : none
CVE ID : none assigned yet
Ivan Shmakov discovered that the htmlscrubber component of ikiwiki, a wiki
compiler, performs insufficient input sanitization on data:image/svg+xml
- --------------------------------------------------------------------------
Package : ntp
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
Debian bug : 560074
CVE ID : CVE-2009-3563
Robin Park and Dmitri Vinokurov discovered that the daemon component of
the ntp package, a reference implementation of the NTP protocol, is
- ------------------------------------------------------------------------
Package : ganeti
Vulnerability : missing input sanitation
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-4261
It was discovered that ganeti, a virtual server cluster manager, does
not validate the path of scripts passed as arguments to certain
commands, which allows local or remote users (via the web interface in
- ------------------------------------------------------------------------
Package : lintian
Vulnerability : multiple
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-4013 CVE-2009-4014 CVE-2009-4015
Multiple vulnerabilities have been discovered in lintian,
a Debian package checker. The following Common Vulnerabilities and
Exposures project ids have been assigned to identify them:
- ------------------------------------------------------------------------
Package : firefox-sage
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-4102
Debian Bug : 559267
It was discovered that firefox-sage, a lightweight RSS and Atom feed
reader for Firefox, does not sanitise the RSS feed information
- ------------------------------------------------------------------------
Package : asterisk
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-0041 CVE-2008-3903 CVE-2009-3727 CVE-2008-7220 CVE-2009-4055 CVE-2007-2383
Debian Bug : 513413 522528 554487 554486 559103
Several vulnerabilities have been discovered in asterisk, an Open Source
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-3939 CVE-2009-4027 CVE-2009-4536 CVE-2009-4538
CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0298
CVE-2010-0306 CVE-2010-0307 CVE-2010-0309 CVE-2010-0410
CVE-2010-0415
- ------------------------------------------------------------------------
Package : kvm
Vulnerability : several vulnerabilities
Problem type : local
Debian-specific: no
Debian bugs : 557739 562075 562076
CVE Ids : CVE-2009-3638 CVE-2009-3722 CVE-2009-4031
Several vulnerabilities have been discovered in kvm, a full virtualization system.
- ------------------------------------------------------------------------
Package : unbound
Vulnerability : cryptographic implementation error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3602
It was discovered that Unbound, a DNS resolver, does not properly
check cryptographic signatures on NSEC3 records. As a result, zones
signed with the NSEC3 variant of DNSSEC lose their cryptographic
- ------------------------------------------------------------------------
Package : aria2
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2009-3575
Debian Bug : 551070
It was discovered that aria2, a high speed download utility, is prone
to a buffer overflow in the DHT routing code, which might lead to the
- ------------------------------------------------------------------------
Package : gzip
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-2624 CVE-2010-0001
Debian Bug : 507263
Several vulnerabilities have been found in gzip, the GNU compression
utilities. The Common Vulnerabilities and Exposures project identifies
- ------------------------------------------------------------------------
Package : samba
Vulnerability : several
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-3297 CVE-2010-0547
Two local vulnerabilities have been discovered in samba, an SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following problems:
- ------------------------------------------------------------------------
Package : phpgroupware
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2010-0403 CVE-2010-0404
Several remote vulnerabilities have been discovered in phpgroupware, a
Web based groupware system written in PHP. The Common Vulnerabilities
and Exposures project identifies the following problems: