DEBIAN-CVE-2020-5291

Bubblewrap bwrap before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...

Debian unstable and Debian squeeze Xpdf arbitrary file deletion vulnerability

Debian unstable and Debian squeeze are both free operating systems created by the Debian Project Collaboration with Linux or FreeBSD as the kernel. foo2zjs is one of the printer drivers. xpdf is an open-source PDF reader integrated into it. zxpdf is one of the command script. A security...

Code injection

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name...

CVE-2011-2902

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name...

CVE-2016-1255

The pgctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...

DEBIAN-CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

foo2zjs Arbitrary File Overwrite Vulnerability

Ubuntu is a GNU/Linux operating system for desktop applications developed by Canonical and the Ubuntu Foundation. Debian unstable and Debian squeeze are both free operating systems created by the Debian Project Collaboration with Linux or FreeBSD as the kernel. foo2zjs is one of the printer...

[SECURITY] [DSA 3762-1] tiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3762-1 [email protected] https://www.debian.org/security/ Laszlo Boszormenyi GCS January 13, 2017 https://www.debian.org/security/faq -...

CVE-2016-1252

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection...

CVE-2011-3699

John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files...

CVE-2011-3730

Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files...

[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2019-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 20, 2010 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 1305-1 (icedove)

The remote host is missing an update to icedove announced via advisory DSA 1305-1. OpenVAS Vulnerability Test $Id: deb13051.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1305-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks)

The remote host is missing an update to ssh-nonfree, ssh-socks announced via advisory DSA 086-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Frank McIngvale LuxMan 0.41 - Local Buffer Overflow

Frank McIngvale LuxMan 0.41 - Local Buffer Overflow !/usr/bin/perl -w luxman exploit ii luxman 0.41-19.1 Pac-Man clone svgalib based Tested with "security compat" set in /etc/vga/libvga.config on debian unstable 3.1 kfinisterre@jdam:$ ./luxmanex.pl LuxMan v0.41, Copyright c 1995 Frank McIngvale...

Frank McIngvale LuxMan 0.41 Local Buffer Overflow Exploit

No description provided by source. !/usr/bin/perl -w luxman exploit ii luxman 0.41-19.1 Pac-Man clone svgalib based Tested with "security compat" set in /etc/vga/libvga.config on debian unstable 3.1 kfinisterre@jdam:$ ./luxmanex.pl LuxMan v0.41, Copyright c 1995 Frank McIngvale LuxMan comes with...

[SECURITY] [DSA 656-1] New vdr packages fix insecure file access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 656-1 [email protected] http://www.debian.org/security/ Martin Schulze January 25th, 2005 http://www.debian.org/security/faq -...

Debian DSA-434-1 : gaim - several vulnerabilities

Stefan Esser discovered several security related problems in Gaim, a multi-protocol instant messaging client. Not all of them are applicable for the version in Debian stable, but affected the version in the unstable distribution at least. The problems were grouped for the Common Vulnerabilities a...

Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable)

Possible root compromise with calendar bsdmainutils 6.0.x 6.0.15 -------------------------------------------------------------------- Introduction ------------ The calendar utility is a handy little tool that informs you about upcoming events. Each user can define his/her own calendar events. In...

[SECURITY] [DSA 517-1] New CVS packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 517-1 [email protected] http://www.debian.org/security/ Martin Schulze June 10th, 2004 http://www.debian.org/security/faq -...