National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:debian:debian_linux:7.1
There are 49 matching records.
Displaying matches 41 through 49.
Vuln ID Summary CVSS Severity

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

Published: July 18, 2008; 12:41:00 PM -04:00
    V2: 6.5 MEDIUM

w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.

Published: March 03, 2008; 07:44:00 PM -05:00
    V2: 7.2 HIGH

w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.

Published: March 03, 2008; 07:44:00 PM -05:00
    V2: 6.3 MEDIUM

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

Published: December 17, 2007; 07:46:00 PM -05:00
    V2: 2.1 LOW

Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.

Published: December 03, 2007; 08:46:00 PM -05:00
    V2: 7.2 HIGH

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

Published: November 02, 2007; 06:46:00 PM -04:00
    V2: 6.3 MEDIUM

The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.

Published: October 04, 2007; 12:17:00 PM -04:00
    V2: 5.0 MEDIUM

xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

Published: August 27, 2007; 01:17:00 PM -04:00
    V2: 2.1 LOW

Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.

Published: July 02, 2007; 09:30:00 PM -04:00
    V2: 6.8 MEDIUM