Packages that have open unimportant issues

This page lists packages that are affected by issues that are considered unimportant from a security perspective. These issues are thought to be unexploitable or ineffective in most situations (for example, browser denial-of-service issues).

| Package | Bug | Description | Releases |
|---|---|---|---|
| aolserver4 | CVE-2009-4494 | AOLserver 4.5.1 writes data to a log file without sanitizing ... | sid, squeeze, wheezy |
| apache2 | CVE-2001-1534 | mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ... | sid, squeeze, wheezy |
| | CVE-2003-1307 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| | CVE-2003-1580 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ... | sid, squeeze, wheezy |
| | CVE-2003-1581 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ... | sid, squeeze, wheezy |
| | CVE-2007-0086 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| | CVE-2007-1743 | suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ... | sid, squeeze, wheezy |
| | CVE-2007-3303 | Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ... | sid, squeeze, wheezy |
| | CVE-2008-0455 | Cross-site scripting (XSS) vulnerability in the mod_negotiation module ... | sid, squeeze, wheezy |
| | CVE-2008-0456 | CRLF injection vulnerability in the mod_negotiation module in the ... | sid, squeeze, wheezy |
| | CVE-2011-4415 | The ap_pregsub function in server/util.c in the Apache HTTP Server ... | sid, squeeze, wheezy |
| apt | CVE-2011-3374 | apt-key insecure validation | sid, squeeze, wheezy |
| apt-setup | CVE-2005-2214 | apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ... | sid, squeeze, wheezy |
| arora | CVE-2011-3367 | Arora, possibly 0.11 and other versions, does not use a certain font ... | sid, squeeze, wheezy |
| awffull | CVE-2007-0510 | Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ... | sid, squeeze, wheezy |
| axis | CVE-2007-2353 | Apache Axis 1.0 allows remote attackers to obtain sensitive ... | sid, squeeze, wheezy |
| bacula | CVE-2007-5626 | make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a ... | sid, squeeze, wheezy |
| banshee | CVE-2009-1175 | Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ... | sid, squeeze, wheezy |
| blender | CVE-2005-3151 | Buffer overflow in blenderplay in Blender Player 2.37a allows ... | sid, squeeze, wheezy |
| | CVE-2009-3850 | Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ... | sid, squeeze, wheezy |
| boa | CVE-2009-4496 | Boa 0.94.14rc21 writes data to a log file without sanitizing ... | sid, squeeze, wheezy |
| bochs | CVE-2007-2894 | The emulated floppy disk controller in Bochs 2.3 allows local users of ... | sid, squeeze, wheezy |
| bugzilla | CVE-2006-2420 | Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ... | squeeze |
| | CVE-2008-6098 | Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, ... | squeeze |
| busybox | CVE-2011-2716 | | sid, squeeze, wheezy |
| cableswig | CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ... | sid, squeeze, wheezy |
| | CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ... | sid, squeeze, wheezy |
| cacti | CVE-2009-4112 | Cacti 0.8.7e and earlier allows remote authenticated administrators to ... | sid, squeeze, wheezy |
| cadaver | CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ... | sid, squeeze, wheezy |
| | CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ... | sid, squeeze, wheezy |
| chromium-browser | CVE-2008-5749 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| | CVE-2008-7246 | Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ... | sid, squeeze, wheezy |
| | CVE-2009-0374 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| | CVE-2009-1598 | Google Chrome executes DOM calls in response to a javascript: URI in ... | sid, squeeze, wheezy |
| | CVE-2009-3011 | Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ... | sid, squeeze, wheezy |
| | CVE-2010-1384 | Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ... | sid, squeeze, wheezy |
| | CVE-2010-1992 | Google Chrome 1.0.154.48 executes a mail application in situations ... | sid, squeeze, wheezy |
| | CVE-2010-2120 | Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ... | sid, squeeze, wheezy |
| | CVE-2010-4037 | Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ... | sid, squeeze, wheezy |
| | CVE-2010-4482 | Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ... | sid, squeeze, wheezy |
| | CVE-2010-4484 | Google Chrome before 8.0.552.215 does not properly handle HTML5 ... | sid, wheezy |
| | CVE-2010-4485 | Google Chrome before 8.0.552.215 does not properly restrict the ... | sid, squeeze, wheezy |
| | CVE-2010-4488 | Google Chrome before 8.0.552.215 does not properly handle HTTP proxy ... | sid, wheezy |
| | CVE-2011-0781 | Google Chrome before 9.0.597.84 does not properly handle autofill ... | squeeze |
| | CVE-2011-1194 | Multiple unspecified vulnerabilities in Google Chrome before ... | sid, squeeze, wheezy |
| | CVE-2011-1304 | Unspecified vulnerability in Google Chrome before 11.0.696.57 allows ... | squeeze |
| | CVE-2011-1450 | Google Chrome before 11.0.696.57 does not properly present file ... | squeeze |
| | CVE-2011-1801 | Unspecified vulnerability in Google Chrome before 11.0.696.71 allows ... | squeeze |
| | CVE-2011-1812 | Google Chrome before 12.0.742.91 allows remote attackers to bypass ... | squeeze |
| | CVE-2011-1815 | Google Chrome before 12.0.742.91 allows remote attackers to inject ... | squeeze |
| | CVE-2011-1819 | Google Chrome before 12.0.742.91 allows remote attackers to perform ... | squeeze |
| | CVE-2011-2358 | Google Chrome before 13.0.782.107 does not ensure that extension ... | squeeze |
| | CVE-2011-2360 | Google Chrome before 13.0.782.107 does not ensure that the user is ... | squeeze |
| | CVE-2011-2361 | The Basic Authentication dialog implementation in Google Chrome before ... | squeeze |
| | CVE-2011-2791 | The International Components for Unicode (ICU) functionality in Google ... | squeeze |
| | CVE-2011-2836 | Google Chrome before 14.0.835.163 does not require Infobar interaction ... | squeeze |
| | CVE-2011-3420 | Multiple unspecified vulnerabilities in Google Chrome before ... | squeeze |
| | CVE-2011-3421 | Multiple unspecified vulnerabilities in Google Chrome before ... | squeeze |
| | CVE-2011-3875 | Google Chrome before 15.0.874.102 does not properly handle drag and ... | squeeze |
| | CVE-2011-3879 | Google Chrome before 15.0.874.102 does not prevent redirects to ... | squeeze |
| | CVE-2011-3880 | Google Chrome before 15.0.874.102 does not prevent use of an ... | squeeze |
| | CVE-2011-3898 | Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ... | squeeze |
| | CVE-2011-4691 | Google Chrome 15.0.874.121 and earlier does not prevent capture of ... | sid, squeeze, wheezy |
| | CVE-2011-4692 | WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ... | sid, squeeze, wheezy |
| clamav | CVE-2005-3229 | Multiple interpretation error in unspecified versions of ClamAV ... | sid, squeeze, wheezy |
| | CVE-2007-6596 | ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ... | sid, squeeze, wheezy |
| coin3 | CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ... | sid, squeeze, wheezy |
| | CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ... | sid, squeeze, wheezy |
| courier | CVE-2004-2313 | Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ... | sid, squeeze, wheezy |
| | CVE-2005-1308 | SqWebMail allows remote attackers to inject arbitrary web script or ... | sid, squeeze, wheezy |
| ctn | CVE-2008-5146 | add-accession-numbers in ctn 3.0.6 allows local users to overwrite ... | sid, squeeze, wheezy |
| dbus | CVE-2011-2533 | The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows ... | squeeze |
| dietlibc | CVE-2012-1577 | | squeeze |
| dillo | TEMP-0560108-565B70 | browser-based css info disclosure | sid, wheezy |
| dirmngr | CVE-2011-2207 | | sid, squeeze, wheezy |
| dnspython | CVE-2008-1447 | The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ... | sid, squeeze, wheezy |
| dovecot | CVE-2008-4870 | dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ... | sid, squeeze, wheezy |
| | CVE-2011-4318 | | sid, squeeze, wheezy |
| dpkg-cross | CVE-2008-4950 | ** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ... | sid, squeeze, wheezy |
| dropbear | CVE-2006-1206 | Matt Johnston Dropbear SSH server 0.47 and earlier, as used in ... | sid, squeeze, wheezy |
| drupal6 | TEMP-0000000-57BF72 | XSS in drupal printing module | sid, squeeze, wheezy |
| | TEMP-0000000-8FB0B7 | XSS in drupal 6 calendar field | sid, squeeze, wheezy |
| drupal7 | CVE-2007-6752 | ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in ... | sid, wheezy |
| eglibc | CVE-2010-3192 | Certain run-time memory protection mechanisms in the GNU C Library ... | sid, squeeze, wheezy |
| | CVE-2010-4051 | The regcomp implementation in the GNU C Library (aka glibc or libc6) ... | sid, squeeze, wheezy |
| | CVE-2010-4052 | Stack consumption vulnerability in the regcomp implementation in the ... | sid, squeeze, wheezy |
| | CVE-2010-4756 | The glob implementation in the GNU C Library (aka glibc or libc6) ... | sid, squeeze, wheezy |
| enigmail | CVE-2007-1264 | Enigmail 0.94.2 and earlier does not properly use the --status-fd ... | sid, squeeze, wheezy |
| epiphany-browser | CVE-2007-1084 | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ... | sid, squeeze, wheezy |
| | TEMP-0560108-565B70 | browser-based css info disclosure | sid, squeeze, wheezy |
| erlang | CVE-2009-0130 | ** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ... | sid, squeeze, wheezy |
| ettercap | CVE-2010-3843 | | sid, squeeze, wheezy |
| | CVE-2010-3844 | | sid, squeeze, wheezy |
| evolution | CVE-2007-1266 | Evolution 2.8.1 and earlier does not properly use the --status-fd ... | sid, squeeze, wheezy |
| | CVE-2011-3201 | | sid, squeeze, wheezy |
| fcron | CVE-2010-0792 | fcrontab in fcron before 3.0.5 allows local users to read arbitrary ... | squeeze |
| fetchmail | CVE-2011-1947 | fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time ... | sid, squeeze, wheezy |
| ffmpeg | CVE-2008-4610 | MPlayer allows remote attackers to cause a denial of service ... | squeeze |
| | CVE-2009-4639 | The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows ... | squeeze |
| firehol | CVE-2008-4953 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| foomatic-filters | CVE-2011-2923 | | sid, squeeze, wheezy |
| freebsd-sendpr | CVE-2008-5142 | sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ... | sid, squeeze, wheezy |
| freeradius | CVE-2007-0080 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| freetype | CVE-2012-1126 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1127 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1128 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1129 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1130 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1131 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1132 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1135 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1137 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1138 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1139 | Array index error in FreeType before 2.4.9, as used in Mozilla Firefox ... | squeeze |
| | CVE-2012-1140 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1141 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| | CVE-2012-1143 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... | squeeze |
| freevo | CVE-2008-4955 | freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ... | sid, squeeze, wheezy |
| galeon | CVE-2007-3145 | Visual truncation vulnerability in Galeon 2.0.1 allows remote ... | squeeze |
| | TEMP-0560108-565B70 | browser-based css info disclosure | squeeze |
| gallery | CVE-2008-3600 | Directory traversal vulnerability in contrib/phpBB2/modules.php in ... | sid, squeeze, wheezy |
| gallery2 | CVE-2006-4976 | The Date Library in John Lim ADOdb Library for PHP allows remote ... | sid |
| gdb | CVE-2006-4146 | Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ... | sid, squeeze, wheezy |
| | CVE-2011-4355 | gdb: arbitrary code execution via .debug_gdb_scripts | sid, squeeze, wheezy |
| ghostscript | TEMP-0000000-2EA6C5 | NULL dereferences, similar to Adobe's CVE-2009-0658 | sid, squeeze, wheezy |
| gimp | CVE-2007-3126 | Gimp 2.3.14 allows context-dependent attackers to cause a denial of ... | sid, squeeze, wheezy |
| glib2.0 | CVE-2012-0039 | ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function ... | sid, squeeze, wheezy |
| glpi | CVE-2010-1618 | Cross-site scripting (XSS) vulnerability in the phpCAS client library ... | sid, squeeze, wheezy |
| | CVE-2010-2795 | phpCAS before 1.1.2 allows remote authenticated users to hijack ... | sid, squeeze, wheezy |
| | CVE-2010-2796 | Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ... | sid, squeeze, wheezy |
| | CVE-2010-3690 | Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ... | sid, squeeze, wheezy |
| | CVE-2010-3691 | PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ... | sid, squeeze, wheezy |
| | CVE-2010-3692 | Directory traversal vulnerability in the callback function in ... | sid, squeeze, wheezy |
| | CVE-2011-2720 | The autocompletion functionality in GLPI before 0.80.2 does not ... | squeeze |
| | CVE-2012-1104 | | squeeze |
| | CVE-2012-1105 | | squeeze |
| gnumail | CVE-2007-1269 | GNUMail 1.1.2 and earlier does not properly use the --status-fd ... | sid, squeeze, wheezy |
| gpw | CVE-2011-4931 | | sid, squeeze, wheezy |
| grub | CVE-2008-3896 | Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ... | sid, squeeze, wheezy |
| gwt | CVE-2007-2378 | The Google Web Toolkit (GWT) framework exchanges data using JavaScript ... | sid, squeeze |
| hex-a-hop | TEMP-0528250-2E3658 | hex-a-hop: buffer overflow in loading save games | sid, squeeze, wheezy |
| horde3 | CVE-2010-1638 | The IMP plugin in Horde allows remote attackers to bypass firewall ... | sid, squeeze, wheezy |
| iceape | CVE-2006-0496 | Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ... | sid, squeeze, wheezy |
| | CVE-2007-1084 | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ... | sid, squeeze, wheezy |
| | CVE-2007-4357 | Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ... | sid, squeeze, wheezy |
| | CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ... | sid, squeeze, wheezy |
| | CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ... | sid, squeeze, wheezy |
| | CVE-2009-4629 | Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other ... | sid, squeeze, wheezy |
| | CVE-2010-1986 | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ... | sid, squeeze, wheezy |
| | CVE-2010-1987 | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ... | sid, squeeze, wheezy |
| | CVE-2010-1988 | Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ... | sid, squeeze, wheezy |
| | CVE-2010-1990 | Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, ... | sid, squeeze, wheezy |
| icecast2 | CVE-2005-0837 | IceCast 2.20 allows remote attackers to bypass the XSL parser and ... | sid, squeeze, wheezy |
| | CVE-2005-0838 | Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ... | sid, squeeze, wheezy |
| icedove | CVE-2006-5633 | Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ... | sid, squeeze, wheezy |
| | CVE-2008-5430 | Mozilla Thunderbird 2.0.14 does not properly handle (1) ... | sid, squeeze, wheezy |
| iceweasel | CVE-2002-2436 | The Cascading Style Sheets (CSS) implementation in Mozilla Firefox ... | squeeze |
| | CVE-2002-2437 | The JavaScript implementation in Mozilla Firefox before 4.0, ... | squeeze |
| | CVE-2004-1639 | Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ... | sid, squeeze, wheezy |
| | CVE-2005-2395 | Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ... | sid, squeeze, wheezy |
| | CVE-2005-4685 | Firefox and Mozilla can associate a cookie with multiple domains when ... | sid, squeeze, wheezy |
| | CVE-2006-2723 | Unspecified versions of Mozilla Firefox allow remote attackers to ... | sid, squeeze, wheezy |
| | CVE-2006-5633 | Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ... | sid, squeeze, wheezy |
| | CVE-2006-6954 | Flock beta 1 0.7 allows remote attackers to cause a denial of service ... | sid, squeeze, wheezy |
| | CVE-2007-1084 | Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ... | sid, squeeze, wheezy |
| | CVE-2007-1256 | Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ... | sid, squeeze, wheezy |
| | CVE-2007-1736 | Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ... | sid, squeeze, wheezy |
| | CVE-2007-1970 | Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ... | sid, squeeze, wheezy |
| | CVE-2007-2162 | (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ... | sid, squeeze, wheezy |
| | CVE-2007-2671 | Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ... | sid, squeeze, wheezy |
| | CVE-2007-4357 | Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ... | sid, squeeze, wheezy |
| | CVE-2007-5415 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ... | sid, squeeze, wheezy |
| | CVE-2007-5896 | Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ... | sid, squeeze, wheezy |
| | CVE-2007-6715 | Mozilla Firefox allows remote attackers to cause a denial of service ... | sid, squeeze, wheezy |
| | CVE-2008-2014 | Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ... | sid, squeeze, wheezy |
| | CVE-2008-3444 | The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ... | sid, squeeze, wheezy |
| | CVE-2008-4324 | The user interface event dispatcher in Mozilla Firefox 3.0.3 on ... | sid, squeeze, wheezy |
| | CVE-2008-5715 | Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ... | sid, squeeze, wheezy |
| | CVE-2008-7293 | Mozilla Firefox before 4 cannot properly restrict modifications to ... | squeeze |
| | CVE-2009-0071 | Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ... | sid, squeeze, wheezy |
| | CVE-2009-0821 | Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ... | sid, squeeze, wheezy |
| | CVE-2009-3010 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ... | sid, squeeze, wheezy |
| | CVE-2009-3014 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ... | sid, squeeze, wheezy |
| | CVE-2010-5074 | The layout engine in Mozilla Firefox before 4.0, Thunderbird before ... | squeeze |
| | CVE-2011-0082 | The X.509 certificate validation functionality in Mozilla Firefox ... | sid, squeeze, wheezy |
| | CVE-2011-1712 | The txXPathNodeUtils::getXSLTId function in ... | squeeze |
| | CVE-2011-4688 | Mozilla Firefox 8.0.1 and earlier does not prevent capture of data ... | sid, squeeze, wheezy |
| imagemagick | CVE-2005-0406 | A design flaw in image processing software that modifies JPEG images ... | sid, squeeze, wheezy |
| | CVE-2008-3134 | Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ... | sid, squeeze, wheezy |
| initramfs-tools | CVE-2008-4996 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| iproute | CVE-2012-1088 | | squeeze |
| irssi-plugin-otr | TEMP-0569506-737DDE | irssi emote leak | sid, squeeze, wheezy |
| jetty | CVE-2009-3579 | Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ... | sid, squeeze, wheezy |
| kazehakase | TEMP-0560108-565B70 | browser-based css info disclosure | squeeze |
| kde4libs | CVE-2009-1692 | WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ... | sid, squeeze, wheezy |
| | CVE-2009-1718 | WebKit in Apple Safari before 4.0 allows user-assisted remote ... | sid, squeeze, wheezy |
| | CVE-2009-1724 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ... | sid, squeeze, wheezy |
| | CVE-2009-3015 | QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ... | sid, squeeze, wheezy |
| | CVE-2009-3272 | Stack consumption vulnerability in WebKit.dll in WebKit in Apple ... | sid, squeeze, wheezy |
| | TEMP-0560108-565B70 | browser-based css info disclosure | sid, squeeze, wheezy |
| | TEMP-0568486-B6FCB6 | browser javascript document.write denial-of-service | sid, squeeze, wheezy |
| kdebase | CVE-2005-4684 | Konqueror can associate a cookie with multiple domains when the DNS ... | squeeze |
| | CVE-2006-6015 | Buffer overflow in the JavaScript implementation in Safari on Apple ... | squeeze |
| | CVE-2007-4229 | Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ... | squeeze |
| | CVE-2007-5963 | Unspecified vulnerability in kdebase allows local users to cause a ... | squeeze |
| | CVE-2007-6000 | KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a ... | squeeze |
| | CVE-2008-4382 | Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of ... | squeeze |
| | CVE-2008-4514 | The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ... | squeeze |
| | CVE-2008-5698 | HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 ... | squeeze |
| | CVE-2008-5712 | The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ... | squeeze |
| | CVE-2009-2537 | KDE Konqueror allows remote attackers to cause a denial of service ... | squeeze |
| | TEMP-0325369-6C1D5E | kdebase uses urandom as an entropy source | squeeze |
| | TEMP-0515106-13A33A | konqueror: potential exploits via application launchers | squeeze |
| | TEMP-0532514-9137E0 | predictable random number generator used in web browsers | squeeze |
| kdebase-workspace | CVE-2011-5054 | kcheckpass passes a user-supplied argument to the pam_start function, ... | squeeze |
| kdegraphics | CVE-2006-6297 | Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin ... | squeeze |
| kdelibs | CVE-2007-1308 | ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ... | squeeze |
| | CVE-2007-1565 | Konqueror 3.5.5 allows remote attackers to cause a denial of service ... | squeeze |
| | CVE-2007-2164 | Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ... | squeeze |
| | CVE-2009-1692 | WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ... | squeeze |
| | CVE-2009-1718 | WebKit in Apple Safari before 4.0 allows user-assisted remote ... | squeeze |
| | CVE-2009-1724 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ... | squeeze |
| | CVE-2009-3015 | QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ... | squeeze |
| | CVE-2009-3272 | Stack consumption vulnerability in WebKit.dll in WebKit in Apple ... | squeeze |
| | TEMP-0560108-565B70 | browser-based css info disclosure | squeeze |
| | TEMP-0568486-B6FCB6 | browser javascript document.write denial-of-service | squeeze |
| kdepim | CVE-2006-7139 | Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ... | sid, squeeze, wheezy |
| | CVE-2007-1265 | KMail 1.9.5 and earlier does not properly use the --status-fd argument ... | sid, squeeze, wheezy |
| koffice | CVE-2007-0104 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 ... | sid, squeeze, wheezy |
| kompozer | CVE-2009-1305 | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird ... | sid, squeeze |
| | CVE-2009-1309 | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not ... | sid, squeeze |
| | CVE-2009-1312 | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block ... | sid, squeeze |
| | CVE-2009-3371 | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ... | sid, squeeze |
| krb5 | CVE-2004-0971 | The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ... | sid, squeeze, wheezy |
| lbreakout2 | TEMP-0608980-E8B8DF | Crash with long HOME environment variable | sid, squeeze, wheezy |
| lftp | CVE-2007-2348 | mirror --script in lftp before 3.5.9 does not properly quote shell ... | sid, squeeze, wheezy |
| libgd2 | CVE-2007-3472 | Integer overflow in gdImageCreateTrueColor function in the GD Graphics ... | sid, squeeze, wheezy |
| | CVE-2007-3473 | The gdImageCreateXbm function in the GD Graphics Library (libgd) ... | sid, squeeze, wheezy |
| | CVE-2007-3475 | The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ... | sid, squeeze, wheezy |
| | CVE-2007-3478 | Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in ... | sid, squeeze, wheezy |
| libgnumail-java | CVE-2005-1105 | Directory traversal vulnerability in the MimeBodyPart.getFileName ... | sid, squeeze, wheezy |
| libpam-opie | CVE-2001-1483 | One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ... | squeeze |
| libphp-adodb | CVE-2006-4976 | The Date Library in John Lim ADOdb Library for PHP allows remote ... | sid, squeeze, wheezy |
| | CVE-2011-3699 | John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ... | sid, squeeze, wheezy |
| libsndfile | CVE-2009-4835 | The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ... | sid, squeeze, wheezy |
| libstruts1.2-java | CVE-2012-1007 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ... | sid, squeeze, wheezy |
| libwmf | CVE-2007-3476 | Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ... | sid, squeeze, wheezy |
| | CVE-2007-3477 | The (a) imagearc and (b) imagefilledarc functions in GD Graphics ... | sid, squeeze, wheezy |
| | CVE-2007-3996 | Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ... | sid, squeeze, wheezy |
| | CVE-2009-3546 | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ... | sid, squeeze, wheezy |
| | TEMP-0601525-BEBB65 | libgd2: gdImageColorTransparent can write outside buffer | sid, squeeze, wheezy |
| lilo | CVE-2008-3895 | LILO 22.6.1 and earlier stores pre-boot authentication passwords in ... | sid, squeeze, wheezy |
| linux-2.6 | CVE-2004-0230 | TCP, when using a large Window Size, makes it easier for remote ... | sid, squeeze, wheezy |
| | CVE-2005-3660 | Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ... | sid, squeeze, wheezy |
| | CVE-2006-5701 | Double free vulnerability in squashfs module in the Linux kernel ... | sid, squeeze, wheezy |
| | CVE-2006-6128 | The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ... | sid, squeeze, wheezy |
| | CVE-2007-3719 | The process scheduler in the Linux kernel 2.6.16 gives preference to ... | sid, squeeze, wheezy |
| | CVE-2008-4609 | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ... | sid, squeeze, wheezy |
| | CVE-2009-3888 | The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before ... | sid, squeeze, wheezy |
| | CVE-2010-4563 | The Linux kernel, when using IPv6, allows remote attackers to ... | sid, squeeze, wheezy |
| | CVE-2011-1019 | | squeeze |
| | CVE-2011-1585 | | sid, wheezy |
| | CVE-2011-4112 | | squeeze |
| | CVE-2011-4915 | | sid, squeeze, wheezy |
| | CVE-2011-4917 | | sid, squeeze, wheezy |
| m2crypto | CVE-2009-0127 | ** DISPUTED ** M2Crypto does not properly check the return value from ... | sid, squeeze, wheezy |
| m4 | CVE-2008-1687 | The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ... | sid, squeeze, wheezy |
| | CVE-2008-1688 | Unspecified vulnerability in GNU m4 before 1.4.11 might allow ... | sid, squeeze, wheezy |
| magpierss | CVE-2006-4735 | Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ... | sid, squeeze, wheezy |
| maildirsync | CVE-2008-5150 | sample.sh in maildirsync 1.1 allows local users to append data to ... | sid, squeeze, wheezy |
| mailman | CVE-2006-2191 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| mailscanner | CVE-2010-3293 | mailscanner virus updates DoS | squeeze |
| matanza | CVE-2009-3560 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ... | sid, squeeze, wheezy |
| | CVE-2009-3720 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ... | sid, squeeze, wheezy |
| mediawiki | CVE-2007-0894 | MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ... | sid, squeeze, wheezy |
| | CVE-2008-5688 | MediaWiki 1.8.1, and other versions before 1.13.3, when the ... | sid, squeeze, wheezy |
| mh-book | CVE-2008-5152 | inmail-show in mh-book 200605 allows local users to overwrite ... | sid, squeeze, wheezy |
| midori | CVE-2010-3900 | Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before ... | squeeze |
| mini-httpd | CVE-2009-4490 | mini_httpd 1.19 writes data to a log file without sanitizing ... | sid, squeeze, wheezy |
| moin | CVE-2007-0902 | Unspecified vulnerability in the "Show debugging information" feature ... | sid, squeeze, wheezy |
| moodle | CVE-2006-4976 | The Date Library in John Lim ADOdb Library for PHP allows remote ... | sid, squeeze, wheezy |
| | CVE-2008-0123 | Cross-site scripting (XSS) vulnerability in install.php for Moodle ... | sid, squeeze, wheezy |
| | CVE-2008-3327 | Moodle 1.6.5, when display_errors is enabled, allows remote attackers ... | sid, squeeze, wheezy |
| mutt | CVE-2007-1268 | Mutt 1.5.13 and earlier does not properly use the --status-fd argument ... | sid, squeeze, wheezy |
| nagios3 | CVE-2008-5027 | The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ... | sid, squeeze, wheezy |
| net-tools | CVE-2002-1976 | ifconfig, when used on the Linux kernel 2.2 and later, does not report ... | sid, squeeze, wheezy |
| nginx | CVE-2009-4487 | nginx 0.7.64 writes data to a log file without sanitizing ... | sid, squeeze, wheezy |
| ntop | TEMP-0335996-97467D | ntop format string vulnerability | sid, wheezy |
| nvidia-cg-toolkit | CVE-2008-5144 | nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ... | sid, squeeze, wheezy |
| ocsinventory-server | CVE-2010-1733 | Multiple SQL injection vulnerabilities in OCS Inventory NG before ... | sid, squeeze, wheezy |
| | CVE-2011-4024 | Cross-site scripting (XSS) vulnerability in ocsinventory in OCS ... | squeeze |
| openconnect | CVE-2010-3902 | OpenConnect before 2.26 places the webvpn cookie value in the ... | squeeze |
| openjdk-6 | CVE-2007-0012 | Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ... | sid, squeeze, wheezy |
| | CVE-2007-5019 | Buffer overflow in the Sun Java Web Start ActiveX control in Java ... | sid, squeeze, wheezy |
| openldap | CVE-2011-4079 | Off-by-one error in the UTF8StringNormalize function in OpenLDAP ... | squeeze |
| openoffice.org | CVE-2005-4636 | OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ... | sid, squeeze, wheezy |
| | CVE-2007-4251 | OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ... | sid, squeeze, wheezy |
| openssh | CVE-2007-2243 | OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ... | sid, squeeze, wheezy |
| | CVE-2007-2768 | OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ... | sid, squeeze, wheezy |
| | CVE-2008-3234 | sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ... | sid, squeeze, wheezy |
| openssl | CVE-2010-0742 | The Cryptographic Message Syntax (CMS) implementation in ... | squeeze |
| | CVE-2010-0928 | OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ... | sid, squeeze, wheezy |
| | CVE-2011-4577 | OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is ... | squeeze |
| openvpn | CVE-2006-2229 | OpenVPN 2.0.7 and earlier, when configured to use the --management ... | sid, squeeze, wheezy |
| os-prober | CVE-2008-5135 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| osc | CVE-2012-1095 | | sid, squeeze, wheezy |
| otrs2 | CVE-2010-4758 | installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an ... | squeeze |
| | CVE-2010-4759 | Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ... | squeeze |
| | CVE-2010-4760 | Open Ticket Request System (OTRS) before 3.0.0-beta6 adds ... | squeeze |
| | CVE-2010-4761 | The customer-interface ticket-print dialog in Open Ticket Request ... | squeeze |
| | CVE-2010-4762 | Cross-site scripting (XSS) vulnerability in the rich-text-editor ... | squeeze |
| | CVE-2010-4763 | The ACL-customer-status Ticket Type setting in Open Ticket Request ... | squeeze |
| | CVE-2010-4764 | Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, ... | squeeze |
| pam | CVE-2010-3316 | The run_coprocess function in pam_xauth.c in the pam_xauth module in ... | squeeze |
| patch | CVE-2010-4651 | Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ... | sid, squeeze, wheezy |
| paxtest | CVE-2010-3373 | | squeeze |
| perl | CVE-2010-4777 | | sid, squeeze, wheezy |
| | CVE-2011-0761 | Perl 5.10.x allows context-dependent attackers to cause a denial of ... | squeeze |
| | CVE-2011-2728 | | sid, squeeze, wheezy |
| | CVE-2011-4116 | | sid, squeeze, wheezy |
| php-apc | CVE-2010-3294 | Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ... | sid, squeeze, wheezy |
| php-gettext | TEMP-0000000-07A77D | php-gettext XSS | sid, squeeze, wheezy |
| php-htmlpurifier | TEMP-0000000-196897 | htmlpurifier various | squeeze |
| php5 | CVE-2006-0931 | Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ... | sid, squeeze, wheezy |
| | CVE-2006-4023 | The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ... | sid, squeeze, wheezy |
| | CVE-2006-6383 | PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ... | sid, squeeze, wheezy |
| | CVE-2006-7205 | The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ... | sid, squeeze, wheezy |
| | CVE-2007-0448 | The fopen function in PHP 5.2.0 does not properly handle invalid URI ... | sid, squeeze, wheezy |
| | CVE-2007-1413 | Buffer overflow in the snmpget function in the snmp extension in PHP ... | sid, squeeze, wheezy |
| | CVE-2007-1581 | The resource system in PHP 5.0.0 through 5.2.1 allows ... | sid, squeeze, wheezy |
| | CVE-2007-1582 | The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ... | sid, squeeze, wheezy |
| | CVE-2007-1710 | The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ... | sid, squeeze, wheezy |
| | CVE-2007-1835 | PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ... | sid, squeeze, wheezy |
| | CVE-2007-1883 | PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ... | sid, squeeze, wheezy |
| | CVE-2007-1890 | Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ... | sid, squeeze, wheezy |
| | CVE-2007-3205 | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ... | sid, squeeze, wheezy |
| | CVE-2007-3294 | Multiple buffer overflows in libtidy, as used in the Tidy extension ... | sid, squeeze, wheezy |
| | CVE-2007-4255 | Buffer overflow in the mSQL extension in PHP 5.2.3 allows ... | sid, squeeze, wheezy |
| | CVE-2007-4596 | The perl extension in PHP does not follow safe_mode restrictions, ... | sid, squeeze, wheezy |
| | CVE-2007-4889 | The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ... | sid, squeeze, wheezy |
| | CVE-2007-5424 | The disable_functions feature in PHP 4 and 5 allows attackers to ... | sid, squeeze, wheezy |
| | CVE-2008-2666 | Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ... | sid, squeeze, wheezy |
| | CVE-2008-4107 | The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ... | sid, squeeze, wheezy |
| | CVE-2008-5625 | PHP 5 before 5.2.7 does not enforce the error_log safe_mode ... | sid, squeeze, wheezy |
| | CVE-2008-7002 | PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ... | sid, squeeze, wheezy |
| | CVE-2009-3559 | ** DISPUTED ** ... | sid, squeeze, wheezy |
| | CVE-2009-4418 | The unserialize function in PHP 5.3.0 and earlier allows ... | sid, squeeze, wheezy |
| | CVE-2010-1861 | The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ... | sid, squeeze, wheezy |
| | CVE-2010-1862 | The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ... | sid, squeeze, wheezy |
| | CVE-2010-1868 | The (1) sqlite_single_query and (2) sqlite_array_query functions in ... | sid, squeeze, wheezy |
| | CVE-2010-1914 | The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ... | sid, squeeze, wheezy |
| | CVE-2010-1915 | The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ... | sid, squeeze, wheezy |
| | CVE-2010-2097 | The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ... | sid, squeeze, wheezy |
| | CVE-2010-2100 | The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ... | sid, squeeze, wheezy |
CVE-2010-2101The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...sid, squeeze, wheezy
CVE-2010-2190The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...sid, squeeze, wheezy
CVE-2010-3062mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...sid, squeeze, wheezy
CVE-2010-3063The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...sid, squeeze, wheezy
CVE-2010-3064Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...sid, squeeze, wheezy
CVE-2010-4697Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...squeeze
CVE-2010-4699The iconv_mime_decode_headers function in the Iconv extension in PHP ...squeeze
CVE-2011-0420The grapheme_extract function in the Internationalization extension ...sid, wheezy
CVE-2011-0753Race condition in the PCNTL extension in PHP before 5.3.4, when a ...squeeze
CVE-2011-0755Integer overflow in the mt_rand function in PHP before 5.3.4 might ...squeeze
CVE-2011-1092Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...sid, squeeze, wheezy
CVE-2011-1148Use-after-free vulnerability in the substr_replace function in PHP ...sid, squeeze, wheezy
CVE-2011-1464Buffer overflow in the strval function in PHP before 5.3.6, when the ...squeeze
CVE-2011-1467Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...squeeze
CVE-2011-1468Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...squeeze
CVE-2011-1469Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...squeeze
CVE-2011-1470The Zip extension in PHP before 5.3.6 allows context-dependent ...squeeze
CVE-2011-1657The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...sid, squeeze, wheezy
CVE-2011-3182PHP before 5.3.7 does not properly check the return values of the ...squeeze
CVE-2012-1171safemode bypass after RSHUTDOWNsid, squeeze, wheezy
CVE-2012-2336sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...squeeze, wheezy
TEMP-0000000-A7D1F4PHP 5.2.9 curl safe_mode & open_basedir bypasssid, squeeze, wheezy
phpmyadminCVE-2005-3622phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...sid, squeeze, wheezy
CVE-2005-4349** DISPUTED ** ...sid, squeeze, wheezy
CVE-2006-6373PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...sid, squeeze, wheezy
CVE-2007-4306Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...sid, squeeze, wheezy
CVE-2011-0986phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not ...squeeze
CVE-2011-3646phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote ...squeeze
CVE-2011-4064Cross-site scripting (XSS) vulnerability in the setup interface in ...squeeze
CVE-2012-1902show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a ...squeeze
phppgadminCVE-2006-4976The Date Library in John Lim ADOdb Library for PHP allows remote ...sid, squeeze, wheezy
phpsysinfoCVE-2006-3360Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...sid, squeeze, wheezy
pidginCVE-2008-2956** DISPUTED ** ...sid, squeeze, wheezy
CVE-2011-3184The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...squeeze
CVE-2012-1257sid, squeeze, wheezy
pilot-qofCVE-2008-4997** DISPUTED ** ...squeeze
popplerCVE-2010-0206xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objectssid, squeeze, wheezy
CVE-2010-0207xpdf: XRef table parsing infinite loopsid, squeeze, wheezy
postfixCVE-2008-4977** DISPUTED ** ...sid, squeeze, wheezy
pppCVE-2008-5366The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...sid, squeeze, wheezy
CVE-2008-5367ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...sid, squeeze, wheezy
printfilters-ppdCVE-2008-5034** DISPUTED ** ...sid, squeeze, wheezy
pure-ftpdCVE-2011-0418The glob implementation in Pure-FTPd before 1.0.32, and in libc in ...squeeze
puttyCVE-2011-4607http://seclists.org/oss-sec/2011/q4/500squeeze
python-defaultsCVE-2008-4108Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) ...sid, squeeze, wheezy
python-djangoCVE-2007-5828** DISPUTED ** ...sid, squeeze, wheezy
python2.5CVE-2007-4559Directory traversal vulnerability in the (1) extract and (2) ...squeeze
CVE-2011-4940python: potential XSS in SimpleHTTPServer's list_directory()squeeze, sid, squeeze, wheezy
python2.6CVE-2012-1150sid, squeeze, wheezy
TEMP-0615118-2DDE11python2.6: distutils world-readable passwordsid, squeeze, wheezy
python2.7CVE-2010-3492The asyncore module in Python before 3.2 does not properly handle ...sid, wheezy
CVE-2012-1150sid, wheezy
TEMP-0615118-2DDE11python2.6: distutils world-readable passwordsid, wheezy
python3.1CVE-2010-3492The asyncore module in Python before 3.2 does not properly handle ...squeeze, sid, wheezy
python3.2CVE-2012-1150sid, wheezy
qmailCVE-2011-1431The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the ...sid, squeeze, wheezy
qt4-x11CVE-2008-4724Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...sid, squeeze, wheezy
CVE-2009-3015QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...sid, squeeze, wheezy
CVE-2009-3272Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...sid, squeeze, wheezy
CVE-2010-1729WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...sid, squeeze, wheezy
TEMP-0560108-565B70browser-based css info disclosuresid, squeeze, wheezy
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicesid, squeeze, wheezy
railsCVE-2010-3299ruby on rails: padding oracle attacksid, squeeze, wheezy
CVE-2011-3187The to_s method in ...sid, squeeze, wheezy
request-tracker3.8CVE-2011-1007Best Practical Solutions RT before 3.8.9 does not perform certain ...squeeze
rhythmboxCVE-2008-7185GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...sid, squeeze, wheezy
rpmCVE-2010-2198lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...sid, squeeze, wheezy
CVE-2010-2199lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...sid, squeeze, wheezy
sambaCVE-2010-1635The chain_reply function in process.c in smbd in Samba before 3.4.8 ...sid, squeeze, wheezy
CVE-2010-1642The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...sid, squeeze, wheezy
serendipityCVE-2007-1326SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...sid, squeeze
shadowCVE-2007-5686initscripts in rPath Linux 1 sets insecure permissions for the ...sid, squeeze, wheezy
simgearCVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...sid, squeeze, wheezy
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...sid, squeeze, wheezy
slimTEMP-0537604-F35BD7insecure tmp file vulnerability in slimsid, squeeze, wheezy
smartyCVE-2007-2326Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...squeeze, wheezy
TEMP-0000000-2C7EFDincorrect handling of {$smarty.template} and {$smarty.current_dir}squeeze, wheezy, sid, squeeze, wheezy
smsclientCVE-2008-5155mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...sid, squeeze, wheezy
TEMP-0498901-F99C05unsafe use of tempfile in ssmclientsid, squeeze, wheezy
spipTEMP-0646758-12F1BDspip path disclosuresqueeze
sql-ledgerCVE-2007-0667The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...sid, squeeze, wheezy
CVE-2007-1329Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...sid, squeeze, wheezy
CVE-2007-1923(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...sid, squeeze, wheezy
CVE-2007-5372Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...sid, squeeze, wheezy
CVE-2008-4077The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...sid, squeeze, wheezy
CVE-2008-4078SQL injection vulnerability in the AR/AP transaction report in (1) ...sid, squeeze, wheezy
CVE-2009-3580Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...sid, squeeze, wheezy
CVE-2009-3581Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...sid, squeeze, wheezy
CVE-2009-3582Multiple SQL injection vulnerabilities in the delete subroutine in ...sid, squeeze, wheezy
CVE-2009-3583Directory traversal vulnerability in the Preferences menu item in ...sid, squeeze, wheezy
CVE-2009-3584SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...sid, squeeze, wheezy
CVE-2009-4402The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...sid, squeeze, wheezy
squidCVE-2009-0801Squid, when transparent interception mode is enabled, uses the HTTP ...sid, squeeze, wheezy, sid, squeeze, wheezy
ssmtpCVE-2004-0423The log_event function in ssmtp 2.50.6 and earlier allows local users ...sid, squeeze, wheezy
CVE-2008-7258** DISPUTED ** ...sid, squeeze, wheezy
suckless-toolsCVE-2012-1620slock screen unlockingsid, squeeze, wheezy
sudoCVE-2005-1119Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...sid, squeeze, wheezy
sun-java6CVE-2007-0012Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...squeeze
CVE-2007-5019Buffer overflow in the Sun Java Web Start ActiveX control in Java ...squeeze
sylpheedCVE-2007-1267Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...sid, squeeze, wheezy
sysklogdCVE-2006-1624The default configuration of syslogd in the Linux sysklogd package ...sid, squeeze, wheezy
TEMP-0281448-00272AFormat string bug in sysklogd's syslog_tst sourcessid, squeeze, wheezy
systemtapCVE-2011-1769SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is ...squeeze
sysvinitTEMP-0517018-A83CE6sysvinit: no-root option in expert installer exposes locally exploitable security flawsid, squeeze, wheezy
tarCVE-2005-2541Tar 1.15.1 does not properly warn the user when extracting setuid or ...sid, squeeze, wheezy
TEMP-0290435-0B57B5tar's rmt command may have undesired side effectssid, squeeze, wheezy
thttpdCVE-2009-4491thttpd 2.25b0 writes data to a log file without sanitizing ...squeeze
thunarTEMP-0517020-915121thunar: potential exploits via application launcherssid, squeeze, wheezy
tiffCVE-2008-1586ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...sid, squeeze, wheezy
CVE-2010-2595The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...sid, squeeze, wheezy
CVE-2010-2596The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...sid, squeeze, wheezy
CVE-2010-2597The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...sid, squeeze, wheezy
CVE-2010-2598LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...sid, squeeze, wheezy
CVE-2010-2630The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...sid, squeeze, wheezy
CVE-2010-2631LibTIFF 3.9.0 ignores tags in certain situations during the first ...sid, squeeze, wheezy
tinymuxCVE-2007-1959Unspecified vulnerability in the process_cmdent function in ...sid, squeeze, wheezy
tomcat6CVE-2010-4312The default configuration of Apache Tomcat 6.x does not include the ...sid, squeeze, wheezy
torCVE-2006-6893Tor allows remote attackers to discover the IP address of a hidden ...sid, squeeze, wheezy
CVE-2007-1103Tor does not verify a node's uptime and bandwidth advertisements, ...sid, squeeze, wheezy
CVE-2009-0654Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote ...sid, squeeze, wheezy
varnishCVE-2009-4488** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...sid, squeeze, wheezy
vdrCVE-2010-3387** DISPUTED ** ...squeeze
vimCVE-2008-4677autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...sid, squeeze, wheezy
vinoCVE-2011-1164sid, squeeze, wheezy
CVE-2011-1165sid, squeeze, wheezy
vlcCVE-2012-2396VideoLAN VLC media player 2.0.1 allows remote attackers to cause a ...sid, squeeze, wheezy
vteCVE-2005-0023gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...sid, squeeze, wheezy
w3mTEMP-0532514-9137E0predictable random number generator used in web browserssid, squeeze, wheezy
webkitCVE-2008-7246Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...sid, squeeze, wheezy
CVE-2009-1514Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...sid, squeeze, wheezy
CVE-2009-2578Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...sid, squeeze, wheezy
CVE-2009-2953Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...sid, squeeze, wheezy
CVE-2009-2955Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...sid, squeeze, wheezy
CVE-2009-3011Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...sid, squeeze, wheezy
CVE-2009-3015QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...sid, squeeze, wheezy
CVE-2009-3268Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...sid, squeeze, wheezy
CVE-2009-3272Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...sid, squeeze, wheezy
CVE-2010-1131JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...sid, squeeze, wheezy
CVE-2010-1180Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...sid, squeeze, wheezy
CVE-2010-1181Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...sid, squeeze, wheezy
CVE-2010-1384Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...sid, squeeze, wheezy
CVE-2010-1729WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...sid, squeeze, wheezy
CVE-2010-1992Google Chrome 1.0.154.48 executes a mail application in situations ...sid, squeeze, wheezy
CVE-2010-2120Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ...sid, squeeze, wheezy
CVE-2010-4482Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...sid, squeeze, wheezy
CVE-2010-4485Google Chrome before 8.0.552.215 does not properly restrict the ...sid, squeeze, wheezy
CVE-2011-1194Multiple unspecified vulnerabilities in Google Chrome before ...sid, squeeze, wheezy
CVE-2011-1304Unspecified vulnerability in Google Chrome before 11.0.696.57 allows ...sid, squeeze, wheezy
CVE-2011-4691Google Chrome 15.0.874.121 and earlier does not prevent capture of ...sid, squeeze, wheezy
CVE-2011-4692WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...sid, squeeze, wheezy
TEMP-0560108-565B70browser-based css info disclosuresid, squeeze, wheezy
TEMP-0568486-B6FCB6browser javascript document.write denial-of-servicesid, squeeze, wheezy
wgetCVE-2006-6719The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...sid, squeeze, wheezy
wicdCVE-2012-0813wicd cleartext passwordssqueeze
wiresharkCVE-2011-1142Stack consumption vulnerability in the dissect_ber_choice function in ...squeeze
CVE-2011-1143epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...squeeze
CVE-2011-2597The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x ...squeeze
CVE-2011-2698Off-by-one error in the elem_cell_id_aux function in ...squeeze
CVE-2011-3266The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and ...squeeze
CVE-2011-4101The dissect_infiniband_common function in ...squeeze
CVE-2012-1593epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark ...squeeze
CVE-2012-1594epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in ...squeeze
CVE-2012-1596The mp2t_process_fragmented_payload function in ...squeeze
wordpressCVE-2006-0733** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...sid, squeeze, wheezy
CVE-2008-0191WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...sid, squeeze, wheezy
CVE-2012-0937** DISPUTED ** wp-admin/setup-config.php in the installation component ...sid, squeeze, wheezy
TEMP-0500295-A176F7possible script injection via /etc/wordpress/wp-config.phpsid, squeeze, wheezy
xerces-c2CVE-2008-4482The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...sid, squeeze, wheezy
xfigCVE-2009-4228Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...sid, squeeze, wheezy
xine-libCVE-2008-5247The real_parse_audio_specific_data function in demux_real.c in ...sid, squeeze, wheezy
xloadimageCVE-2006-4484Buffer overflow in the LWZReadByte_ function in ...sid, squeeze, wheezy
xpdfCVE-2010-0206xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objectssid, squeeze, wheezy
CVE-2010-0207xpdf: XRef table parsing infinite loopsid, squeeze, wheezy
TEMP-0000000-2EA6C5NULL dereferences, similar to Adobe's CVE-2009-0658sid, squeeze, wheezy
xtermCVE-2006-4447X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...sid, squeeze, wheezy
xviewCVE-2005-4796Unspecified vulnerability in the XView library (libxview.so) in ...sid, squeeze, wheezy
yawsCVE-2009-4495Yaws 1.85 writes data to a log file without sanitizing non-printable ...sid, squeeze, wheezy
yuiCVE-2007-2385The Yahoo! UI framework exchanges data using JavaScript Object ...sid, squeeze, wheezy
CVE-2010-4710Cross-site scripting (XSS) vulnerability in the addItem method in the ...sid, squeeze, wheezy
zabbixCVE-2011-3264Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...squeeze
