Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 9159 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1091 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2025-04-03 5.0 MEDIUM N/A
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
CVE-2002-0401 2 Debian, Ethereal 2 Debian Linux, Ethereal 2025-04-03 7.5 HIGH 7.5 HIGH
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.
CVE-2005-2555 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-03 4.6 MEDIUM N/A
Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.
CVE-1999-0405 4 Debian, Freebsd, Redhat and 1 more 4 Debian Linux, Freebsd, Linux and 1 more 2025-04-03 7.2 HIGH N/A
A buffer overflow in lsof allows local users to obtain root privilege.
CVE-2003-0440 2 Debian, Semi 2 Debian Linux, Semi 2025-04-03 4.6 MEDIUM N/A
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2001-0834 4 Conectiva, Debian, Htdig and 1 more 4 Linux, Debian Linux, Htdig and 1 more 2025-04-03 6.4 MEDIUM N/A
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
CVE-1999-0986 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Linux 2025-04-03 5.0 MEDIUM N/A
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
CVE-1999-0373 1 Debian 1 Debian Linux 2025-04-03 7.2 HIGH N/A
Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.
CVE-2002-0839 2 Apache, Debian 2 Http Server, Debian Linux 2025-04-03 7.2 HIGH N/A
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
CVE-2006-4093 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-03 4.9 MEDIUM N/A
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
CVE-2000-0867 5 Debian, Mandrakesoft, Redhat and 2 more 5 Debian Linux, Mandrake Linux, Linux and 2 more 2025-04-03 7.2 HIGH N/A
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
CVE-2004-0642 3 Debian, Mit, Redhat 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more 2025-04-03 7.5 HIGH N/A
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
CVE-2004-1093 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2025-04-03 5.0 MEDIUM N/A
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
CVE-2002-2185 6 Debian, Mandrakesoft, Microsoft and 3 more 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more 2025-04-03 4.9 MEDIUM N/A
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
CVE-2001-0069 1 Debian 1 Debian Linux 2025-04-03 2.1 LOW N/A
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.
CVE-2003-0648 2 Debian, Fte 2 Debian Linux, Fte Text Editor 2025-04-03 10.0 HIGH N/A
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
CVE-2004-1092 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2025-04-03 5.0 MEDIUM N/A
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
CVE-2006-1724 2 Debian, Mozilla 5 Debian Linux, Firefox, Mozilla Suite and 2 more 2025-04-03 7.5 HIGH N/A
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
CVE-2004-0488 3 Apache, Debian, Redhat 4 Http Server, Debian Linux, Enterprise Linux Server and 1 more 2025-04-03 7.5 HIGH N/A
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
CVE-2005-2700 3 Apache, Canonical, Debian 3 Http Server, Ubuntu Linux, Debian Linux 2025-04-03 10.0 HIGH N/A
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.