Lucene search

K
DebianDebian Linux

9110 matches found

CVE
CVE
added 2000/07/19 4:0 a.m.41 views

CVE-2000-0607

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

7.2CVSS7.3AI score0.00111EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.41 views

CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

3.6CVSS6.5AI score0.00261EPSS
CVE
CVE
added 2019/11/06 3:15 a.m.41 views

CVE-2006-4245

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

8.1CVSS7.9AI score0.00335EPSS
CVE
CVE
added 2019/11/27 9:15 p.m.41 views

CVE-2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

5.3CVSS5.4AI score0.00165EPSS
CVE
CVE
added 2019/11/27 6:15 p.m.41 views

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

9.3CVSS7.9AI score0.0244EPSS
CVE
CVE
added 2017/12/14 4:29 p.m.41 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER en...

8.8CVSS8.4AI score0.0056EPSS
CVE
CVE
added 2022/01/01 9:15 p.m.41 views

CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.

7.1CVSS7AI score0.00258EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.41 views

CVE-2023-39947

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed PID_PROPERTY_LIST parameters cause heap overflow at a different program counter. Th...

8.2CVSS7.8AI score0.00081EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.40 views

CVE-2000-0584

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

10CVSS7.9AI score0.05328EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.40 views

CVE-2002-0401

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

7.5CVSS7.9AI score0.05817EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.40 views

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

4.6CVSS6.5AI score0.00074EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.40 views

CVE-2006-1565

Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.

4.6CVSS6.6AI score0.00117EPSS
CVE
CVE
added 2019/11/07 9:15 p.m.40 views

CVE-2010-2450

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable b...

7.5CVSS7.4AI score0.00163EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.40 views

CVE-2011-1588

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

7.8CVSS7.5AI score0.0032EPSS
CVE
CVE
added 2019/11/12 3:15 p.m.40 views

CVE-2011-3618

atop: symlink attack possible due to insecure tempfile handling

7.8CVSS7.5AI score0.00107EPSS
CVE
CVE
added 2019/11/13 4:15 p.m.40 views

CVE-2012-4384

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar

6.1CVSS5.9AI score0.0045EPSS
CVE
CVE
added 2018/04/20 8:29 p.m.40 views

CVE-2014-10073

The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.

7.5CVSS7.4AI score0.00353EPSS
CVE
CVE
added 2018/02/26 3:29 p.m.40 views

CVE-2018-7487

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.

7.8CVSS8.9AI score0.00198EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.40 views

CVE-2018-7551

There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.5AI score0.00597EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.40 views

CVE-2018-7554

There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.5AI score0.00597EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.40 views

CVE-2023-39534

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue...

7.5CVSS7.4AI score0.00068EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.39 views

CVE-1999-0341

Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.

7.2CVSS7.6AI score0.00063EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.39 views

CVE-2001-0069

dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.

2.1CVSS6.7AI score0.00109EPSS
CVE
CVE
added 2001/10/18 4:0 a.m.39 views

CVE-2001-0755

Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command.

7.5CVSS8.2AI score0.00873EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.39 views

CVE-2001-1331

mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.

1.2CVSS6.5AI score0.00066EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.39 views

CVE-2003-0440

The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6CVSS6.1AI score0.00061EPSS
CVE
CVE
added 2019/11/14 1:15 a.m.39 views

CVE-2011-1136

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

6.3CVSS4.8AI score0.00256EPSS
CVE
CVE
added 2019/11/27 7:15 p.m.39 views

CVE-2011-2207

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

5.3CVSS5.3AI score0.01445EPSS
CVE
CVE
added 2018/06/20 6:29 p.m.39 views

CVE-2018-12601

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

9.8CVSS9.7AI score0.00569EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.39 views

CVE-2018-7552

There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.5AI score0.00597EPSS
CVE
CVE
added 2023/02/09 10:15 p.m.39 views

CVE-2023-0770

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.39 views

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of ac...

8.2CVSS7.6AI score0.00066EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.38 views

CVE-1999-1390

suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.

7.2CVSS7.4AI score0.00148EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.38 views

CVE-2002-0044

GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.

3.6CVSS6.3AI score0.00141EPSS
CVE
CVE
added 2019/10/29 7:15 p.m.38 views

CVE-2010-3373

paxtest handles temporary files insecurely

5.5CVSS5.5AI score0.00141EPSS
CVE
CVE
added 2019/11/13 7:15 p.m.38 views

CVE-2010-4533

offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.

9.8CVSS9.4AI score0.00276EPSS
CVE
CVE
added 2019/11/13 11:15 p.m.38 views

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.

7.5CVSS7.4AI score0.00311EPSS
CVE
CVE
added 2017/12/14 4:29 p.m.38 views

CVE-2017-17527

delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code ...

8.8CVSS8.5AI score0.00545EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.37 views

CVE-2001-0738

LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

5CVSS6.4AI score0.0082EPSS
CVE
CVE
added 2019/11/07 6:15 p.m.37 views

CVE-2012-0051

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

7.4CVSS7.4AI score0.01355EPSS
CVE
CVE
added 2019/11/25 6:15 p.m.37 views

CVE-2012-6639

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

9CVSS8.6AI score0.01199EPSS
CVE
CVE
added 2019/11/07 9:15 p.m.37 views

CVE-2013-1425

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

5.5CVSS5.5AI score0.00097EPSS
CVE
CVE
added 2018/03/09 7:29 p.m.37 views

CVE-2018-7998

In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditi...

7.5CVSS7.2AI score0.00338EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.36 views

CVE-1999-1411

The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.

7.5CVSS7.3AI score0.00859EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.36 views

CVE-2006-1566

Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.

4.6CVSS6.6AI score0.00117EPSS
CVE
CVE
added 2019/11/13 10:15 p.m.36 views

CVE-2010-4817

pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.

5.5CVSS5.6AI score0.00249EPSS
CVE
CVE
added 2019/11/14 1:15 a.m.36 views

CVE-2011-1070

v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.

7.8CVSS7.5AI score0.00132EPSS
CVE
CVE
added 2017/04/13 2:59 p.m.36 views

CVE-2012-6697

InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).

7.5CVSS8.1AI score0.01098EPSS
CVE
CVE
added 2019/11/15 3:15 p.m.36 views

CVE-2013-4584

Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections

5.9CVSS5.7AI score0.00579EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.36 views

CVE-2018-7869

There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack.

7.5CVSS7.3AI score0.00635EPSS
Total number of security vulnerabilities9110