Debian Linux@8.0 Security Vulnerabilities and Issues — Page 70 of Debian Linux@8.0 CVE List

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

5.3CVSS5.4AI score0.00165EPSS

CVE•added 2019/11/27 6:15 p.m.•41 views

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

9.3CVSS7.9AI score0.0244EPSS

CVE•added 2017/12/14 4:29 p.m.•41 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER en...

8.8CVSS8.4AI score0.0056EPSS

CVE•added 2019/11/07 9:15 p.m.•40 views

CVE-2010-2450

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable b...

7.5CVSS7.4AI score0.00163EPSS

CVE•added 2019/11/14 2:15 a.m.•40 views

CVE-2011-1588

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

7.8CVSS7.5AI score0.0032EPSS

CVE•added 2019/11/12 3:15 p.m.•40 views

CVE-2011-3618

atop: symlink attack possible due to insecure tempfile handling

7.8CVSS7.5AI score0.00107EPSS

CVE•added 2019/11/13 4:15 p.m.•40 views

CVE-2012-4384

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar

6.1CVSS5.9AI score0.0045EPSS

CVE•added 2019/11/14 1:15 a.m.•39 views

CVE-2011-1136

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

6.3CVSS4.8AI score0.00256EPSS

CVE•added 2019/11/27 7:15 p.m.•39 views

CVE-2011-2207

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

5.3CVSS5.3AI score0.01445EPSS

CVE•added 2018/06/20 6:29 p.m.•39 views

CVE-2018-12601

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

9.8CVSS9.7AI score0.00569EPSS

CVE•added 2019/10/29 7:15 p.m.•38 views

CVE-2010-3373

paxtest handles temporary files insecurely

5.5CVSS5.5AI score0.00141EPSS

CVE•added 2019/11/13 7:15 p.m.•38 views

CVE-2010-4533

offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.

9.8CVSS9.4AI score0.00276EPSS

CVE•added 2019/11/13 11:15 p.m.•38 views

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.

7.5CVSS7.4AI score0.00311EPSS

CVE•added 2017/12/14 4:29 p.m.•38 views

CVE-2017-17527

delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code ...

8.8CVSS8.5AI score0.00545EPSS

CVE•added 2019/11/07 6:15 p.m.•37 views

CVE-2012-0051

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

7.4CVSS7.4AI score0.01355EPSS

CVE•added 2019/11/25 6:15 p.m.•37 views

CVE-2012-6639

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

9CVSS8.6AI score0.01199EPSS

CVE•added 2019/11/07 9:15 p.m.•37 views

CVE-2013-1425

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

5.5CVSS5.5AI score0.00097EPSS

CVE•added 2019/11/13 10:15 p.m.•36 views

CVE-2010-4817

pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.

5.5CVSS5.6AI score0.00249EPSS

CVE•added 2019/11/14 1:15 a.m.•36 views

CVE-2011-1070

v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.

7.8CVSS7.5AI score0.00132EPSS

CVE•added 2019/11/15 3:15 p.m.•36 views

CVE-2013-4584

Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections

5.9CVSS5.7AI score0.00579EPSS

CVE•added 2019/10/29 7:15 p.m.•34 views

CVE-2011-4931

gpw generates shorter passwords than required

7.5CVSS7.5AI score0.00363EPSS

CVE•added 2019/11/13 5:15 p.m.•34 views

CVE-2012-4385

letodms 3.3.6 has CSRF via change password

6.5CVSS6.6AI score0.00226EPSS

CVE•added 2019/11/07 11:15 p.m.•33 views

CVE-2013-1809

Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.

7.5CVSS7.5AI score0.01701EPSS

CVE•added 2017/03/06 2:59 a.m.•30 views

CVE-2017-6498

An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.

5.5CVSS5.4AI score0.00276EPSS

Total number of security vulnerabilities3480