CVE Daily
← All tags

Tag: Debian

All CVEs associated with "Debian". Page 3/4 • 370 CVEs.

Subscribe CVEs: RSS for “Debian”  ·  RSS (High+Critical only)

About “Debian”

A curated feed of “Debian”-related CVEs appears below. We currently track 370 CVEs for this tag (all time). In the last 365 days, 95 were published. Average CVSS is 6.5 (all time; 6.8 over 365d), and 45% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-476 - NULL Pointer Dereference, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2014-05-14
Critical

CVE-2014-2405

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-0462

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.

CVSS: 10.0 CWE: N/A View on NVD
2014-05-12
Low

CVE-2013-4577

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the f…

CVSS: 2.1 CWE: CWE-264 View on NVD
2014-05-05
Medium

CVE-2014-0469

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subje…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-02-05
Medium

CVE-2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restricti…

CVSS: 4.6 CWE: CWE-264 View on NVD
2014-01-28
Low

CVE-2014-1638

(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new fil…

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2013-12-07
Medium

CVE-2013-6409

Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.

CVSS: 6.2 CWE: CWE-264 View on NVD
2013-09-30
Low

CVE-2013-1444

A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2013-09-12
Low

CVE-2013-5724

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.

CVSS: 2.1 CWE: CWE-264 View on NVD
2013-08-24
Medium

CVE-2013-1662

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in…

CVSS: 6.9 CWE: CWE-264 View on NVD
2013-08-19
Low

CVE-2013-2162

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions befo…

CVSS: 1.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2013-03-27
Low

CVE-2013-0260

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.

CVSS: 2.1 CWE: N/A View on NVD
2013-03-21
Low

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP con…

CVSS: 1.9 CWE: CWE-310 View on NVD
2013-03-06
Medium

CVE-2013-1048

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not proper…

CVSS: 4.6 CWE: CWE-264 View on NVD
2013-01-11
Medium

CVE-2012-2251

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
2012-11-20
High

CVE-2012-5519

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local use…

CVSS: 7.2 CWE: CWE-264 View on NVD
2012-08-31
Low

CVE-2011-5146

Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.

CVSS: 2.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2012-08-07
Medium

CVE-2012-2317

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS…

CVSS: 4.3 CWE: CWE-310 View on NVD
2012-07-12
Critical

CVE-2012-2653

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerab…

CVSS: 10.0 CWE: N/A View on NVD
2012-04-22
Medium

CVE-2012-0216

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides exa…

CVSS: 4.4 CWE: N/A View on NVD
2011-12-15
Low

CVE-2011-4339

ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for…

CVSS: 3.6 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2011-03-30
Medium

CVE-2011-1548

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard…

CVSS: 6.3 CWE: CWE-264 View on NVD
2011-03-29
Medium

CVE-2011-0441

The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.

CVSS: 6.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2011-03-25
Medium

CVE-2011-1400

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and pos…

CVSS: 6.8 CWE: CWE-16 View on NVD
2011-02-23
Medium

CVE-2011-0725

Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-01-20
Medium

CVE-2010-4338

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.

CVSS: 6.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2011-01-14
Medium

CVE-2010-4695

A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-09-14
Medium

CVE-2010-2953

Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current worki…

CVSS: 6.9 CWE: N/A View on NVD
2010-03-15
Medium

CVE-2010-0396

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-02-10
Medium

CVE-2010-0394

PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2009-09-21
Medium

CVE-2009-2939

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink a…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-09-17
Critical

CVE-2009-3232

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which ca…

CVSS: 9.3 CWE: CWE-287 - Improper Authentication View on NVD
2009-09-04
Critical

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source…

CVSS: 9.3 CWE: N/A View on NVD
2009-05-22
Medium

CVE-2009-1381

The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbi…

CVSS: 6.8 CWE: N/A View on NVD
2009-05-06
Medium

CVE-2009-1573

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listin…

CVSS: 4.6 CWE: CWE-264 View on NVD
2009-01-02
Critical

CVE-2006-7236

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified…

CVSS: 9.3 CWE: CWE-16 View on NVD
2008-12-29
High

CVE-2008-4539

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console fo…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-12-09
High

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file r…

CVSS: 7.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-12-08
Medium

CVE-2008-5367

ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5366

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-11-18
Medium

CVE-2008-5142

sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-10-20
Medium

CVE-2008-3831

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Di…

CVSS: 4.7 CWE: CWE-399 View on NVD
2008-10-15
High

CVE-2008-4553

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

CVSS: 7.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-10-03
High

CVE-2008-4406

A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.

CVSS: 7.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-09-18
Medium

CVE-2008-4126

PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote a…

CVSS: 6.4 CWE: CWE-16 View on NVD
Medium

CVE-2008-4099

PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a di…

CVSS: 6.4 CWE: CWE-16 View on NVD
Medium

CVE-2008-4109

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal ha…

CVSS: 5.0 CWE: CWE-264 View on NVD
2008-07-18
Medium

CVE-2008-3234

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, follo…

CVSS: 6.5 CWE: CWE-264 View on NVD
2008-05-13
High

CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to cond…

CVSS: 7.5 CWE: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) View on NVD
2008-04-16
High

CVE-2008-1771

Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly…

CVSS: 7.5 CWE: CWE-189 View on NVD
2008-03-04
High

CVE-2008-0930

w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtain…

CVSS: 7.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-0931

w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modify…

CVSS: 6.3 CWE: CWE-264 View on NVD
2007-12-18
Low

CVE-2007-6418

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process a…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2007-12-04
High

CVE-2007-6211

Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability i…

CVSS: 7.2 CWE: CWE-264 View on NVD
2007-11-05
Medium

CVE-2007-5828

Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: t…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2007-10-16
Medium

CVE-2007-5469

OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbi…

CVSS: 5.0 CWE: CWE-264 View on NVD
2007-10-04
Medium

CVE-2007-5193

The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might…

CVSS: 5.0 CWE: N/A View on NVD
2007-09-10
High

CVE-2007-3912

checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
2007-08-27
Low

CVE-2007-2797

xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

CVSS: 2.1 CWE: N/A View on NVD
2007-06-27
Medium

CVE-2007-1663

Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-1664

ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-1665

Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.

CVSS: 5.0 CWE: N/A View on NVD
2007-05-08
Medium

CVE-2007-2524

Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentT…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-03
Medium

CVE-2006-7098

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local use…

CVSS: 6.6 CWE: CWE-264 View on NVD
2007-03-02
High

CVE-2006-7094

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary direc…

CVSS: 8.5 CWE: N/A View on NVD
2006-10-31
High

CVE-2006-4248

thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.

CVSS: 7.2 CWE: N/A View on NVD
2006-08-07
Low

CVE-2006-3123

Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow loca…

CVSS: 2.1 CWE: N/A View on NVD
2006-05-23
Low

CVE-2006-2542

xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumptio…

CVSS: 2.1 CWE: N/A View on NVD
2006-05-18
Medium

CVE-2006-2443

The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the K…

CVSS: 4.6 CWE: N/A View on NVD
2006-04-19
Low

CVE-2006-1844

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords,…

CVSS: 2.1 CWE: N/A View on NVD
2006-04-13
High

CVE-2006-1772

debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the c…

CVSS: 7.2 CWE: N/A View on NVD
2006-03-31
Medium

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2006-1565

Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2006-1566

Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users t…

CVSS: 4.6 CWE: N/A View on NVD
2006-03-24
Low

CVE-2006-1376

The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of servic…

CVSS: 2.1 CWE: N/A View on NVD
2006-03-23
Low

CVE-2006-0050

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

CVSS: 1.2 CWE: N/A View on NVD
2006-03-20
Medium

CVE-2006-1319

chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes…

CVSS: 6.2 CWE: N/A View on NVD
High

CVE-2006-1320

util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.…

CVSS: 7.5 CWE: N/A View on NVD
2006-03-15
High

CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and use…

CVSS: 7.6 CWE: N/A View on NVD
2005-12-31
Medium

CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to acce…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-4418

util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users t…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-4693

Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-4728

Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory.

CVSS: 4.6 CWE: N/A View on NVD
2005-10-20
Low

CVE-2005-3268

yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files.

CVSS: 2.1 CWE: N/A View on NVD
2005-10-18
Critical

CVE-2005-3254

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute cod…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2005-3255

The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information…

CVSS: 5.0 CWE: N/A View on NVD
2005-08-05
High

CVE-2005-1854

Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.

CVSS: 7.5 CWE: N/A View on NVD
2005-07-11
Medium

CVE-2005-2214

apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.

CVSS: 4.6 CWE: N/A View on NVD
2005-04-27
High

CVE-2004-1342

CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2005-0159

The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.6 CWE: N/A View on NVD
2005-01-26
Low

CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.

CVSS: 2.1 CWE: N/A View on NVD
2004-12-31
High

CVE-2004-0984

Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2004-1343

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2004-2569

ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file.

CVSS: 2.1 CWE: N/A View on NVD
2004-12-23
Low

CVE-2004-0563

The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a usernam…

CVSS: 2.1 CWE: N/A View on NVD
High

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail a…

CVSS: 7.5 CWE: N/A View on NVD
2004-11-03
Medium

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than…

CVSS: 5.0 CWE: N/A View on NVD
2004-03-29
Medium

CVE-2003-0828

Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables.

CVSS: 4.6 CWE: N/A View on NVD
2003-05-27
High

CVE-2003-0262

leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, whic…

CVSS: 7.2 CWE: N/A View on NVD
2003-05-15
High

CVE-2003-0308

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doubl…

CVSS: 7.2 CWE: N/A View on NVD
2002-11-04
Low

CVE-2002-1233

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or mo…

CVSS: 2.6 CWE: N/A View on NVD
2002-10-04
Medium

CVE-2002-0912

in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due…

CVSS: 5.0 CWE: N/A View on NVD
2002-08-12
High

CVE-2002-0660

Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute ar…

CVSS: 7.5 CWE: N/A View on NVD
2001-12-31
High

CVE-2001-1561

Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.

CVSS: 7.2 CWE: N/A View on NVD
2001-10-18
High

CVE-2001-0755

Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command.

CVSS: 7.5 CWE: N/A View on NVD
2001-09-20
High

CVE-2001-0690

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail…

CVSS: 7.5 CWE: N/A View on NVD
2001-06-27
High

CVE-2001-0456

postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a hig…

CVSS: 7.5 CWE: N/A View on NVD
2001-03-26
High

CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2001-02-12
Low

CVE-2001-0069

dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.

CVSS: 2.1 CWE: N/A View on NVD
2001-01-09
Medium

CVE-2000-1135

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2000-1136

elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.

CVSS: 4.6 CWE: N/A View on NVD
2000-02-05
High

CVE-2000-0145

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

CVSS: 7.5 CWE: N/A View on NVD
2000-02-02
High

CVE-2000-0112

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

CVSS: 7.2 CWE: N/A View on NVD
1999-12-30
Low

CVE-2000-0076

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

CVSS: 2.1 CWE: N/A View on NVD
1999-12-02
Low

CVE-2000-0366

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

CVSS: 2.1 CWE: N/A View on NVD
1999-08-26
Medium

CVE-1999-0939

Denial of service in Debian IRC Epic/epic4 client via a long string.

CVSS: 5.0 CWE: N/A View on NVD
1999-08-19
Low

CVE-1999-0732

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.

CVSS: 2.1 CWE: N/A View on NVD
1999-06-22
Medium

CVE-1999-0742

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

CVSS: 5.0 CWE: N/A View on NVD
1999-06-12
Critical

CVE-1999-0730

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

CVSS: 10.0 CWE: N/A View on NVD
1999-06-08
Low

CVE-1999-1496

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different er…

CVSS: 2.1 CWE: N/A View on NVD