Filtered by vendor Debian
Total: 10144 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2011-2902 | 2 Debian, Glyphandcog | 2 Debian Linux, Xpdf | 2024-11-21 | 6.4 MEDIUM | 5.3 MEDIUM | zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. |
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables due to an input validation flaw. |
| CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. |
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. |
| CVE-2011-2523 | 2 Debian, Vsftpd Project | 2 Debian Linux, Vsftpd | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. |
| CVE-2011-2515 | 3 Debian, Packagekit Project, Redhat | 3 Debian Linux, Packagekit, Enterprise Linux Server | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM | PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed, which may allow installation of non-trusted packages and execution of arbitrary code. |
| CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DoS) via a specially crafted certificate. |
| CVE-2011-2187 | 2 Debian, Xscreensaver Project | 2 Debian Linux, Xscreensaver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. |
| CVE-2011-1939 | 3 Debian, Php, Zend | 3 Debian Linux, Php, Zend Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6. |
| CVE-2011-1934 | 2 Debian, Lilo Project | 2 Debian Linux, Lilo | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. |
| CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. |
| CVE-2011-1588 | 3 Debian, Opensuse, Xfce | 3 Debian Linux, Opensuse, Thunar | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | Thunar before 1.3.1 could crash when copying and pasting a file name with % format characters due to a format string error. |
| CVE-2011-1490 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. |
| CVE-2011-1489 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. |
| CVE-2011-1488 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM | A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. |
| CVE-2011-1408 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH | ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. |
| CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string. |
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2024-11-21 | 6.3 MEDIUM | 4.7 MEDIUM | In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. |
| CVE-2011-1070 | 2 Debian, V86d Project | 2 Debian Linux, V86d | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | v86d before 0.1.10 does not verify whether received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially have other consequences. |
| CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. |
| CVE-2011-0703 | 2 Debian, Gksu-polkit Project | 2 Debian Linux, Gksu-polkit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. |
| CVE-2011-0544 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. |
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Weborf before 0.12.5 is affected by a Denial of Service (DoS) due to malformed fields in HTTP. |
| CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. |
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM | pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. |
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session. |
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. |
| CVE-2010-4657 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | PHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output. |
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 9.3 HIGH | 7.8 HIGH | poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. |
| CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. |
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | offlineimap before 6.3.4 added support for SSL server certificate validation, but it is still possible to use the SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. |
| CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | offlineimap before 6.3.2 does not check for SSL server certificate validation when the "ssl = yes" option is specified, which can allow man-in-the-middle attacks. |
| CVE-2010-3844 | 2 Debian, Ettercap-project | 2 Debian Linux, Ettercap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. |
| CVE-2010-3674 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | TYPO3 before 4.4.1 allows XSS in the frontend search box. |
| CVE-2010-3440 | 2 Babiloo Project, Debian | 2 Babiloo, Debian Linux | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM | babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. |
| CVE-2010-3439 | 3 Cor-entertainment, Debian, Fedoraproject | 3 Alien-arena, Debian Linux, Fedora | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. |
| CVE-2010-3438 | 3 Debian, Fedoraproject, Libpoe-component-irc-perl Project | 3 Debian Linux, Fedora, Libpoe-component-irc-perl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. |
| CVE-2010-3373 | 2 Debian, Grsecurity | 2 Debian Linux, Paxtest | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | paxtest handles temporary files insecurely. |
| CVE-2010-3359 | 2 Debian, Gargoyle Project | 2 Debian Linux, Gargoyle | 2024-11-21 | 4.4 MEDIUM | 4.8 MEDIUM | If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. |
| CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. |