Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
DebianDebian Linux4.0

178 matches found

CVE
CVEadded 2000/01/04 5:0 a.m.59 views

CVE-1999-0730

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

10CVSS6.6AI score0.01021EPSS
CVE
CVEadded 2000/01/04 5:0 a.m.59 views

CVE-1999-0732

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.

2.1CVSS6.8AI score0.00135EPSS
CVE
CVEadded 2000/01/18 5:0 a.m.59 views

CVE-1999-0743

Trn allows local users to overwrite other users' files via symlinks.

2.1CVSS6.7AI score0.00112EPSS
CVE
CVEadded 2006/12/20 1:28 a.m.59 views

CVE-2006-6500

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an i...

6.8CVSS7.7AI score0.36685EPSS
CVE
CVEadded 2007/01/19 2:28 a.m.59 views

CVE-2006-6942

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_o...

6.8CVSS5.6AI score0.01846EPSS
CVE
CVEadded 2007/11/30 1:46 a.m.58 views

CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

6.5CVSS7.6AI score0.00369EPSS
CVE
CVEadded 2007/05/14 9:19 p.m.57 views

CVE-2007-2650

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

4.3CVSS6.1AI score0.0398EPSS
CVE
CVEadded 2008/08/08 7:41 p.m.57 views

CVE-2008-3535

Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the L...

4.9CVSS4.9AI score0.00047EPSS
CVE
CVEadded 2008/01/12 2:46 a.m.56 views

CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

5CVSS5.9AI score0.05559EPSS
CVE
CVEadded 2008/09/11 1:13 a.m.56 views

CVE-2008-3913

Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".

5CVSS6AI score0.04359EPSS
CVE
CVEadded 2009/07/01 1:0 p.m.55 views

CVE-2009-2287

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL p...

4.9CVSS6.8AI score0.00064EPSS
CVE
CVEadded 2008/07/25 4:41 p.m.54 views

CVE-2008-3325

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

6CVSS7.6AI score0.00397EPSS
CVE
CVEadded 2008/08/08 7:41 p.m.54 views

CVE-2008-3534

The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to al...

4.9CVSS4.9AI score0.00046EPSS
CVE
CVEadded 2009/02/13 1:30 a.m.54 views

CVE-2008-6124

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

7.5CVSS8.3AI score0.0042EPSS
CVE
CVEadded 2000/03/22 5:0 a.m.53 views

CVE-2000-0145

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

7.5CVSS7AI score0.00382EPSS
CVE
CVEadded 2002/03/09 5:0 a.m.53 views

CVE-2001-0690

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

7.5CVSS7.5AI score0.19934EPSS
CVE
CVEadded 2007/10/30 10:46 p.m.53 views

CVE-2007-5730

Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "N...

7.2CVSS7.2AI score0.00139EPSS
CVE
CVEadded 2009/01/15 5:30 p.m.51 views

CVE-2008-5907

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' ...

5CVSS8.3AI score0.0058EPSS
CVE
CVEadded 2009/01/22 11:30 p.m.51 views

CVE-2009-0255

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

7.5CVSS7.2AI score0.05112EPSS
CVE
CVEadded 2010/02/02 4:30 p.m.51 views

CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control ...

9.8CVSS9.3AI score0.00836EPSS
CVE
CVEadded 2007/06/21 8:30 p.m.50 views

CVE-2007-2833

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

7.8CVSS6AI score0.01138EPSS
CVE
CVEadded 2008/01/04 2:46 a.m.50 views

CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operat...

4.3CVSS6.3AI score0.01346EPSS
CVE
CVEadded 2009/02/13 1:30 a.m.49 views

CVE-2008-6125

Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.

6.5CVSS6.6AI score0.00391EPSS
CVE
CVEadded 2009/03/25 11:30 p.m.49 views

CVE-2009-0784

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.

6.3CVSS6.2AI score0.00039EPSS
CVE
CVEadded 2008/01/25 12:0 a.m.48 views

CVE-2007-6415

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

8.5CVSS6.9AI score0.01197EPSS
CVE
CVEadded 2002/03/09 5:0 a.m.47 views

CVE-1999-1565

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

4.6CVSS6.8AI score0.00061EPSS
CVE
CVEadded 2002/03/09 5:0 a.m.45 views

CVE-1999-1330

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

4.6CVSS7AI score0.00097EPSS
CVE
CVEadded 2001/09/12 4:0 a.m.42 views

CVE-1999-1182

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

7.2CVSS7.7AI score0.00068EPSS
Total number of security vulnerabilities178