Lucene search
K

34 matches found

OSV
OSV
added 2019/05/02 6:29 a.m.7 views

UBUNTU-CVE-2019-11675

The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...

7CVSS7AI score0.00234EPSS
Exploits0References3
OSV
OSV
added 2019/05/02 6:29 a.m.2 views

DEBIAN-CVE-2019-11675

The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...

7CVSS6.5AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2019/05/02 6:29 a.m.7 views

CVE-2019-11675

The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...

7CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2015/11/26 6:0 p.m.4 views

UBUNTU-CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...

7.5CVSS8.2AI score0.05035EPSS
Exploits0References3
Debian
Debian
added 2015/11/25 9:27 p.m.67 views

[SECURITY] [DSA 3405-1] smokeping security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3405-1 [email protected] https://www.debian.org/security/ Florian Weimer November 25, 2015 https://www.debian.org/security/faq -...

7.5CVSS6.8AI score0.02326EPSS
Exploits0
NVD
NVD
added 2013/03/27 9:55 p.m.20 views

CVE-2013-0260

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...

2.1CVSS6.1AI score0.00312EPSS
Exploits0References2
Prion
Prion
added 2013/03/27 9:55 p.m.10 views

Design/Logic Flaw

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...

2.1CVSS6.6AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2013/03/27 9:0 p.m.37 views

CVE-2013-0260

CVE-2013-0260 refers to an information-disclosure vulnerability in the Drush Debian Packaging module for Drupal. The connected Drupal advisory (SA-CONTRIB-2013-014) states the module does not sufficiently protect database credentials, and exploitation requires shell access to the server. Affected...

2.1CVSS6.3AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/03/27 9:0 p.m.25 views

CVE-2013-0260

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...

6.1AI score0.00312EPSS
Exploits0References2
Drupal
Drupal
added 2013/01/30 12:0 a.m.22 views

SA-CONTRIB-2013-014 - Drush Debian Packaging - Information Disclosure - Unsupported

This package is a tool to build debian packages from a Drupal instance. The module doesn't sufficiently protect database credentials. This vulnerability is mitigated by the fact that an attacker must have shell access to the server. CVE identifiers issued CVE-2013-0260 Versions affected All...

2.1CVSS6.4AI score0.00312EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.22 views

Ubuntu 4.10 : debmake vulnerability (USN-49-1)

Javier Fernandez-Sanguino Pena noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the...

2.1CVSS5.6AI score0.00389EPSS
Exploits0References1
OSV
OSV
added 2004/12/22 12:0 a.m.18 views

DSA-615-1 debmake - insecure temporary file

Bulletin has no description...

2.1CVSS6.1AI score0.00389EPSS
Exploits0
Debian
Debian
added 2002/06/19 1:19 a.m.23 views

[SECURITY] [DSA-131-1] Apache chunk handling vulnerability

Package : apache Problem type : remote DoS / exploit Debian-specific: no CVE name : CAN-2002-0392 CERT advisory : VU944335 Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handlin...

7.5CVSS6.4AI score0.95027EPSS
Exploits8
Debian
Debian
added 2000/08/12 12:30 a.m.2 views

[SECURITY] new version of zope released

Package: zope Vulnerability type: remote unprivileged access Debian-specific: no On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML can gain unauthorized access to extra roles during a request. Debian 2.1 slink did not include zope, and is not vulnerabl...

5.5AI score
Exploits0
Rows per page
Query Builder