Filtered by vendor Debian
Subscribe
Total
8961 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0244 | 2 Debian, Poptop | 2 Debian Linux, Pptp Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. | |||||
| CVE-2002-1581 | 2 Debian, Mailreader.com | 2 Debian Linux, Mailreader.com | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter. | |||||
| CVE-2010-3369 | 1 Debian | 1 Mono-debugger | 2010-12-14 | 6.9 MEDIUM | N/A |
| The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2008-4975 | 1 Debian | 1 Newsgate | 2009-09-15 | 6.9 MEDIUM | N/A |
| mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file. | |||||
| CVE-2009-2946 | 2 Debian, Devscripts Devel Team | 2 Linux, Devscripts | 2009-09-08 | 9.3 HIGH | N/A |
| Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages. | |||||
| CVE-2009-0930 | 1 Debian | 1 Horde Imp | 2009-04-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php. | |||||
| CVE-2009-0931 | 1 Debian | 2 Horde, Horde Groupware | 2009-03-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4407 | 1 Debian | 1 Xsabre | 2008-11-15 | 2.1 LOW | N/A |
| XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten. | |||||
| CVE-2007-6418 | 1 Debian | 1 Debian Linux | 2008-11-15 | 2.1 LOW | N/A |
| The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments. | |||||
| CVE-2007-5193 | 2 Debian, Twiki | 2 Debian Linux, Twiki | 2008-11-15 | 5.0 MEDIUM | N/A |
| The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied. | |||||
| CVE-2005-0392 | 1 Debian | 1 Ppxp | 2008-11-15 | 7.2 HIGH | N/A |
| ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | |||||
| CVE-2007-6610 | 1 Debian | 1 Unp | 2008-11-15 | 10.0 HIGH | N/A |
| unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product. | |||||
| CVE-2008-4440 | 1 Debian | 1 Feta | 2008-11-11 | 7.2 HIGH | N/A |
| The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files. | |||||
| CVE-2003-0308 | 2 Debian, Sendmail | 2 Debian Linux, Sendmail | 2008-11-11 | 7.2 HIGH | N/A |
| The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. | |||||
| CVE-2008-4126 | 1 Debian | 2 Linux, Python-dns | 2008-09-19 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099. | |||||
| CVE-2008-4099 | 1 Debian | 2 Linux, Python-dns | 2008-09-19 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||||
| CVE-2002-1395 | 1 Debian | 1 Internet Message | 2008-09-10 | 2.1 LOW | N/A |
| Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz. | |||||
| CVE-2002-0875 | 2 Debian, Sgi | 3 Debian Linux, Fam, Irix | 2008-09-10 | 2.1 LOW | N/A |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | |||||
| CVE-2001-1331 | 2 Debian, Progeny | 2 Debian Linux, Debian | 2008-09-10 | 1.2 LOW | N/A |
| mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. | |||||
| CVE-2000-0366 | 1 Debian | 1 Debian Linux | 2008-09-10 | 2.1 LOW | N/A |
| dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. | |||||