Lucene search
+L
DebianLintian

6 matches found

CVE
CVE
added 2005/01/19 5:0 a.m.81 views

CVE-2004-1000

The CVE-2004-1000 entry concerns the lintian Debian package checker. Affected software: lintian, versions up to 1.23 and earlier. Root cause: lintian removes the working directory even if it wasn’t created by lintian, enabling a symlink attack that could delete an unrelated or arbitrary file or d...

2.1CVSS6.2AI score0.0035EPSS
CVE
CVE
added 2010/02/02 4:25 p.m.78 views

CVE-2009-4014

CVE-2009-4014 affects Lintian: multiple format-string vulnerabilities in check scripts and the Lintian::Schedule module across Lintian 1.23.x (through 1.23.28), 1.24.x (through 1.24.2.1), and 2.x before 2.3.2. The Debian advisory and related NASL/OpenVAS entries confirm this class of issue. Impac...

7.5CVSS9.4AI score0.03059EPSS
CVE
CVE
added 2010/02/02 4:25 p.m.72 views

CVE-2009-4013

Multiple directory traversal vulnerabilities affect lintian across 1.23.x (up to 1.23.28), 1.24.x (up to 1.24.2.1), and 2.x before 2.3.2. The root cause involves unsanitized control field names/values and control files of patch systems, enabling remote attackers to overwrite arbitrary files or di...

9.8CVSS9.3AI score0.05683EPSS
CVE
CVE
added 2019/11/07 9:42 p.m.66 views

CVE-2013-1429

Summary of CVE-2013-1429 : The vulnerability affects Lintian prior to 2.5.12, wherein crafted symlinks can allow an attacker to gather information about the host system. This is a local issue (per CVSSv3: LOCAL) with a base score of 6.3 and a partial confidentiality impact (per CVSSv2: 4.3; per C...

6.3CVSS6.2AI score0.01297EPSS
CVE
CVE
added 2010/02/02 4:25 p.m.59 views

CVE-2009-4015

Lintian (versions 1.23.x–1.23.28, 1.24.x–1.24.2.1, and 2.x before 2.3.2) is affected by an input handling vulnerability where filename arguments can include unsafely shell metacharacters. This allows remote attackers to execute arbitrary commands. The issue stems from improper escaping of command...

7.5CVSS9.6AI score0.03897EPSS
CVE
CVE
added 2017/05/08 6:10 a.m.59 views

CVE-2017-8829

CVE-2017-8829 is a deserialization vulnerability in lintian up to version 2.5.50.3. A remote attacker could trigger code execution by having a user or automated system run lintian on a package with a crafted YAML file. The issue is documented across multiple sources (Debian/CNVD, Ubuntu USN-3310-...

7.8CVSS7.6AI score0.01514EPSS