Filtered by vendor Debian
Subscribe
Search
Total
6968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5135 | 1 Debian | 1 Os-prober | 2008-11-18 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users." | |||||
| CVE-2008-4407 | 1 Debian | 1 Xsabre | 2008-11-15 | 2.1 LOW | N/A |
| XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten. | |||||
| CVE-2007-6418 | 1 Debian | 1 Debian Linux | 2008-11-15 | 2.1 LOW | N/A |
| The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments. | |||||
| CVE-2007-5193 | 2 Debian, Twiki | 2 Debian Linux, Twiki | 2008-11-15 | 5.0 MEDIUM | N/A |
| The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied. | |||||
| CVE-2005-0392 | 1 Debian | 1 Ppxp | 2008-11-15 | 7.2 HIGH | N/A |
| ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | |||||
| CVE-2007-6610 | 1 Debian | 1 Unp | 2008-11-15 | 10.0 HIGH | N/A |
| unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product. | |||||
| CVE-2008-4440 | 1 Debian | 1 Feta | 2008-11-11 | 7.2 HIGH | N/A |
| The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files. | |||||
| CVE-2003-0308 | 2 Debian, Sendmail | 2 Debian Linux, Sendmail | 2008-11-11 | 7.2 HIGH | N/A |
| The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. | |||||
| CVE-2008-4996 | 1 Debian | 1 Initramfs-tools | 2008-11-10 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable." | |||||
| CVE-2008-4099 | 1 Debian | 2 Linux, Python-dns | 2008-09-19 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||||
| CVE-2008-4126 | 1 Debian | 2 Linux, Python-dns | 2008-09-19 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099. | |||||
| CVE-2002-1395 | 1 Debian | 1 Internet Message | 2008-09-10 | 2.1 LOW | N/A |
| Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz. | |||||
| CVE-2002-0875 | 2 Debian, Sgi | 3 Debian Linux, Fam, Irix | 2008-09-10 | 2.1 LOW | N/A |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | |||||
| CVE-2001-1331 | 2 Debian, Progeny | 2 Debian Linux, Debian | 2008-09-10 | 1.2 LOW | N/A |
| mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. | |||||
| CVE-2000-0606 | 3 Debian, Mandrakesoft, Redhat | 3 Debian Linux, Mandrake Linux, Linux | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter. | |||||
| CVE-2000-0607 | 3 Debian, Mandrakesoft, Redhat | 3 Debian Linux, Mandrake Linux, Linux | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings. | |||||
| CVE-2000-0366 | 1 Debian | 1 Debian Linux | 2008-09-10 | 2.1 LOW | N/A |
| dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. | |||||
| CVE-2000-0289 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2008-09-10 | 5.0 MEDIUM | N/A |
| IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. | |||||
| CVE-2000-0145 | 1 Debian | 1 Debian Linux | 2008-09-10 | 7.5 HIGH | N/A |
| The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. | |||||
| CVE-2000-0229 | 4 Alessandro Rubini, Debian, Redhat and 1 more | 4 Gpm, Debian Linux, Linux and 1 more | 2008-09-10 | 7.2 HIGH | N/A |
| gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. | |||||
| CVE-2000-0107 | 1 Debian | 1 Debian Linux | 2008-09-10 | 7.2 HIGH | N/A |
| Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. | |||||
| CVE-1999-0832 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. | |||||
| CVE-1999-0986 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2008-09-09 | 5.0 MEDIUM | N/A |
| The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. | |||||
| CVE-1999-0978 | 1 Debian | 1 Debian Linux | 2008-09-09 | 7.5 HIGH | N/A |
| htdig allows remote attackers to execute commands via filenames with shell metacharacters. | |||||
| CVE-1999-0939 | 1 Debian | 1 Debian Linux | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in Debian IRC Epic/epic4 client via a long string. | |||||
| CVE-1999-0914 | 1 Debian | 1 Debian Linux | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in the FTP client in the Debian GNU/Linux netstd package. | |||||
| CVE-1999-0872 | 4 Caldera, Debian, Paul Vixie and 1 more | 4 Openlinux, Debian Linux, Vixie Cron and 1 more | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. | |||||
| CVE-1999-0831 | 4 Cobalt, Debian, Sun and 1 more | 6 Qube, Debian Linux, Cobalt Raq and 3 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in Linux syslogd via a large number of connections. | |||||
| CVE-1999-0769 | 4 Caldera, Debian, Paul Vixie and 1 more | 4 Openlinux, Debian Linux, Vixie Cron and 1 more | 2008-09-09 | 7.2 HIGH | N/A |
| Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. | |||||
| CVE-1999-0742 | 1 Debian | 1 Debian Linux | 2008-09-09 | 5.0 MEDIUM | N/A |
| The Debian mailman package uses weak authentication, which allows attackers to gain privileges. | |||||
| CVE-1999-0804 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Linux and 1 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. | |||||
| CVE-1999-0373 | 1 Debian | 1 Debian Linux | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. | |||||
| CVE-1999-0341 | 2 Debian, Slackware | 2 Debian Linux, Slackware Linux | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. | |||||
| CVE-1999-0405 | 4 Debian, Freebsd, Redhat and 1 more | 4 Debian Linux, Freebsd, Linux and 1 more | 2008-09-09 | 7.2 HIGH | N/A |
| A buffer overflow in lsof allows local users to obtain root privilege. | |||||
| CVE-1999-0374 | 1 Debian | 1 Debian Linux | 2008-09-09 | 2.1 LOW | N/A |
| Debian GNU/Linux cfengine package is susceptible to a symlink attack. | |||||
| CVE-1999-0434 | 5 Caldera, Debian, Netbsd and 2 more | 5 Openlinux, Debian Linux, Netbsd and 2 more | 2008-09-09 | 7.5 HIGH | N/A |
| XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | |||||
| CVE-1999-0457 | 1 Debian | 1 Debian Linux | 2008-09-09 | 7.2 HIGH | N/A |
| Linux ftpwatch program allows local users to gain root privileges. | |||||
| CVE-1999-0381 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2008-09-09 | 7.2 HIGH | N/A |
| super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access. | |||||
| CVE-1999-0368 | 7 Caldera, Debian, Proftpd Project and 4 more | 8 Openlinux, Debian Linux, Proftpd and 5 more | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. | |||||
| CVE-1999-0389 | 1 Debian | 1 Debian Linux | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in the bootp server in the Debian Linux netstd package. | |||||
| CVE-1999-0048 | 3 Debian, Ibm, Nec | 5 Netkit, Aix, Asl Ux 4800 and 2 more | 2008-09-09 | 10.0 HIGH | N/A |
| Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. | |||||
| CVE-2008-0931 | 2 Debian, Xwine | 2 Debian Linux, Xwine | 2008-09-05 | 6.3 MEDIUM | N/A |
| w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | |||||
| CVE-2008-0930 | 2 Debian, Freshmeat | 2 Debian Linux, Xwine | 2008-09-05 | 7.2 HIGH | N/A |
| w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0302 | 1 Debian | 1 Apt-listchanges | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory. | |||||
| CVE-2008-0162 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2008-09-05 | 7.2 HIGH | N/A |
| misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. | |||||
| CVE-2007-6415 | 1 Debian | 1 Debian Linux | 2008-09-05 | 8.5 HIGH | N/A |
| scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options. | |||||
| CVE-2007-2833 | 3 Debian, Gnu, Mandrakesoft | 4 Debian Linux, Emacs, Mandrake Linux and 1 more | 2008-09-05 | 7.8 HIGH | N/A |
| Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | |||||
| CVE-2006-1772 | 1 Debian | 1 Debian Linux | 2008-09-05 | 7.2 HIGH | N/A |
| debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password. | |||||
| CVE-2005-4728 | 1 Debian | 1 Amaya | 2008-09-05 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory. | |||||
| CVE-2005-2214 | 1 Debian | 1 Apt-setup | 2008-09-05 | 4.6 MEDIUM | N/A |
| apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords. | |||||