34 matches found
UBUNTU-CVE-2019-11675
The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...
DEBIAN-CVE-2019-11675
The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...
CVE-2019-11675
The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...
UBUNTU-CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
[SECURITY] [DSA 3405-1] smokeping security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3405-1 [email protected] https://www.debian.org/security/ Florian Weimer November 25, 2015 https://www.debian.org/security/faq -...
CVE-2013-0260
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...
CVE-2013-0260
CVE-2013-0260 refers to an information-disclosure vulnerability in the Drush Debian Packaging module for Drupal. The connected Drupal advisory (SA-CONTRIB-2013-014) states the module does not sufficiently protect database credentials, and exploitation requires shell access to the server. Affected...
CVE-2013-0260
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...
SA-CONTRIB-2013-014 - Drush Debian Packaging - Information Disclosure - Unsupported
This package is a tool to build debian packages from a Drupal instance. The module doesn't sufficiently protect database credentials. This vulnerability is mitigated by the fact that an attacker must have shell access to the server. CVE identifiers issued CVE-2013-0260 Versions affected All...
Ubuntu 4.10 : debmake vulnerability (USN-49-1)
Javier Fernandez-Sanguino Pena noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the...
DSA-615-1 debmake - insecure temporary file
Bulletin has no description...
[SECURITY] [DSA-131-1] Apache chunk handling vulnerability
Package : apache Problem type : remote DoS / exploit Debian-specific: no CVE name : CAN-2002-0392 CERT advisory : VU944335 Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handlin...
[SECURITY] new version of zope released
Package: zope Vulnerability type: remote unprivileged access Debian-specific: no On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML can gain unauthorized access to extra roles during a request. Debian 2.1 slink did not include zope, and is not vulnerabl...