Filtered by vendor Debian
Subscribe
Total
10144 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0793 | 1 Debian | 1 Bsdmainutils | 2025-04-03 | 7.2 HIGH | N/A |
|
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.
|
|||||
| CVE-2001-0456 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
|
|||||
| CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2025-04-03 | 2.1 LOW | N/A |
|
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
|
|||||
| CVE-2001-0138 | 4 Debian, Immunix, Mandrakesoft and 1 more | 5 Debian Linux, Immunix, Mandrake Linux and 2 more | 2025-04-03 | 1.2 LOW | N/A |
|
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2004-1000 | 1 Debian | 1 Lintian | 2025-04-03 | 2.1 LOW | N/A |
|
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
|
|||||
| CVE-2004-0458 | 2 Debian, Nicolas Boullis | 2 Debian Linux, Mah-jong | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
|
|||||
| CVE-2005-3625 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
|
|||||
| CVE-1999-1276 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
|
|||||
| CVE-2002-2185 | 6 Debian, Mandrakesoft, Microsoft and 3 more | 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more | 2025-04-03 | 4.9 MEDIUM | N/A |
|
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
|
|||||
| CVE-2005-0159 | 1 Debian | 2 Debian Linux, Toolchain-source | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2000-0107 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.
|
|||||
| CVE-1999-1411 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
|
|||||
| CVE-2005-3274 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 1.2 LOW | 4.7 MEDIUM |
|
Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.
|
|||||
| CVE-2003-0098 | 2 Apcupsd, Debian | 2 Apcupsd, Debian Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
|
|||||
| CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2025-04-03 | 2.1 LOW | N/A |
|
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
|
|||||
| CVE-1999-0038 | 7 Bsdi, Data General, Debian and 4 more | 8 Bsd Os, Dg Ux, Debian Linux and 5 more | 2025-04-03 | 7.2 HIGH | 8.4 HIGH |
|
Buffer overflow in xlock program allows local users to execute commands as root.
|
|||||
| CVE-2002-0184 | 2 Debian, Sudo Project | 2 Debian Linux, Sudo | 2025-04-03 | 7.2 HIGH | 7.8 HIGH |
|
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
|
|||||
| CVE-2004-0915 | 2 Debian, Viewcvs | 2 Debian Linux, Viewcvs | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.
|
|||||
| CVE-2006-1564 | 1 Debian | 1 Debian Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
|
|||||
| CVE-2000-1135 | 1 Debian | 1 Debian Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.
|
|||||
| CVE-2004-1005 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
|
|||||
| CVE-2004-0770 | 2 Debian, Dgen | 2 Debian Linux, Emulator | 2025-04-03 | 2.1 LOW | N/A |
|
romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.
|
|||||
| CVE-1999-1048 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.
|
|||||
| CVE-2001-0441 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
|
|||||
| CVE-2001-0738 | 2 Debian, Immunix | 2 Debian Linux, Immunix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
|
|||||
| CVE-2001-0195 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | 7.8 HIGH |
|
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
|
|||||
| CVE-2004-1004 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
|
|||||
| CVE-2004-0564 | 2 Debian, Roaring Penguin | 2 Debian Linux, Pppoe | 2025-04-03 | 2.1 LOW | N/A |
|
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.
|
|||||
| CVE-2001-0279 | 2 Debian, Mandrakesoft | 3 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
|
|||||
| CVE-1999-0341 | 2 Debian, Slackware | 2 Debian Linux, Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.
|
|||||
| CVE-2005-3302 | 2 Blender, Debian | 2 Blender, Debian Linux | 2025-04-03 | 7.5 HIGH | 7.3 HIGH |
|
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
|
|||||
| CVE-2003-0440 | 2 Debian, Semi | 2 Debian Linux, Semi | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2001-0235 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.
|
|||||
| CVE-2004-0964 | 2 Debian, Zinf | 2 Debian Linux, Zinf | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
|
|||||
| CVE-2005-1513 | 3 Canonical, Debian, Qmail Project | 3 Ubuntu Linux, Debian Linux, Qmail | 2025-04-03 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
|
|||||
| CVE-2003-0308 | 2 Debian, Sendmail | 2 Debian Linux, Sendmail | 2025-04-03 | 7.2 HIGH | N/A |
|
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
|
|||||
| CVE-2005-3624 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
|
|||||
| CVE-2005-0624 | 1 Debian | 1 Reportbug | 2025-04-03 | 2.1 LOW | N/A |
|
reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.
|
|||||
| CVE-2005-1260 | 4 Apple, Bzip, Canonical and 1 more | 4 Mac Os X, Bzip2, Ubuntu Linux and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
|
|||||