Computer vulnerabilities of Debian Woody

Dovecot: user access
An attacker can connect to the mail account of a user via Dovecot without knowing his password...
CERTA-2002-AVI-195, CVE-2008-1218, DSA-1516-1, FEDORA-2008-2464, FEDORA-2008-2475, SUSE-SR:2008:020, VIGILANCE-VUL-7666

Dovecot: file access with mail_extra_groups
When the mail_extra_groups directive of Dovecot is used, a local attacker can read or alter mail files of users...
BID-28092, CERTA-2002-AVI-195, CVE-2008-1199, DSA-1516-1, FEDORA-2008-2464, FEDORA-2008-2475, RHSA-2008:0297-02, SUSE-SR:2008:020, VIGILANCE-VUL-7665

Horde: file inclusion
An attack can use a malicious Horde theme in order to read the content of files located on the server...
BID-28153, CERTA-2002-AVI-195, CVE-2008-1284, DSA-1519-1, FEDORA-2008-2362, FEDORA-2008-2406, VIGILANCE-VUL-7648

PostgreSQL: several vulnerabilities
A local attacker can create a denial of service or elevate his privileges via PostgreSQL...
103197, 200559, c01420154, CERTA-2002-AVI-163, CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601, DSA-1460-1, DSA-1463-1, DSA-2019-131, FEDORA-2008-0478, FEDORA-2008-0552, HPSBTU02325, MDVSA-2008:004, openSUSE-SU-2016:0531-1, openSUSE-SU-2016:0578-1, RHSA-2008:0038-01, RHSA-2008:0039-01, RHSA-2008:0040-01, SSRT080006, SUSE-SA:2008:005, SUSE-SU-2016:0539-1, SUSE-SU-2016:0555-1, SUSE-SU-2016:0677-1, TLSA-2008-6, VIGILANCE-VUL-7475

Linux kernel: denial of service of CHRP
A local attacker can create a denial of service of CHRP under PowerPC...
BID-27555, CVE-2007-6694, DSA-1503-1, DSA-1504-1, DSA-1565-1, RHSA-2008:0055-01, RHSA-2008:0154-01, VIGILANCE-VUL-7641

Evolution: format string attack via an email
An attacker can send a malicious email, and wait for victim to select it in order to create a denial of service or to execute code...
BID-28102, CERTA-2002-AVI-195, CVE-2008-0072, DSA-1512-1, FEDORA-2008-2290, FEDORA-2008-2292, MDVSA-2008:063, RHSA-2008:0177-01, RHSA-2008:0178-01, SUSE-SA:2008:014, VIGILANCE-VUL-7637, VU#512491

phpMyAdmin: SQL injection
An attacker can use cookies to generate a SQL injection in phpMyAdmin...
BID-28068, CERTA-2002-AVI-203, CVE-2008-1149, DSA-1557-1, FEDORA-2008-2189, MDVSA-2008:131, PMASA-2008-1, SUSE-SR:2008:026, SUSE-SR:2009:003, VIGILANCE-VUL-7629

D-Bus: bypassing the policy
A D-Bus application can bypass the security policy of the daemon...
BID-28023, CERTA-2008-AVI-344, CVE-2008-0595, DSA-1599-1, FEDORA-2008-2043, FEDORA-2008-2070, MDVSA-2008:054, openSUSE-SU-2012:1418-1, RHSA-2008:0159-01, SUSE-SR:2008:006, VIGILANCE-VUL-7622

Ghostscript: buffer overflow via color
An attacker can create a malicious PostScript or PDF file and invite the victim to open it in order to execute code on his computer...
BID-28017, CERTA-2002-AVI-195, CERTA-2008-AVI-113, CVE-2008-0411, DSA-1510-1, FEDORA-2008-1998, FEDORA-2008-2084, MDVSA-2008:055, RHSA-2008:0155-01, SSA:2008-062-01, SUSE-SA:2008:010, VIGILANCE-VUL-7621

Thunderbird: several vulnerabilities
Several vulnerabilities were announced in Thunderbird, the worst one leading to code execution...
239546, 6689244, 6701932, BID-24293, BID-27406, BID-27683, BID-28012, BID-29303, CERTA-2002-AVI-189, CERTA-2008-AVI-062, CERTA-2008-AVI-101, CERTA-2008-AVI-105, CVE-2007-3090-ERROR, CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0416, CVE-2008-0418, CVE-2008-0420, CVE-2008-0591, DSA-1485-1, DSA-1621-1, FEDORA-2008-1435, FEDORA-2008-1459, FEDORA-2008-1535, FEDORA-2008-1669, FEDORA-2008-2060, FEDORA-2008-2118, MDVSA-2008:062, MFSA 2008-01, MFSA 2008-03, MFSA 2008-05, MFSA 2008-07, MFSA 2008-08, MFSA 2008-12, MFSA 2008-13, RHSA-2008:0105-01, SSA:2008-061-01, TLSA-2008-12, VIGILANCE-VUL-7560, VU#309608, VU#661651

Our database contains other pages. You can request a free trial to read them.

Display information about Debian Woody:

https://www.debian.org/