Filtered by vendor Debian
Subscribe
Total
9316 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0366 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
| dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. | |||||
| CVE-2005-1527 | 3 Awstats, Canonical, Debian | 3 Awstats, Ubuntu Linux, Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. | |||||
| CVE-2004-1051 | 5 Debian, Mandrakesoft, Todd Miller and 2 more | 7 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 4 more | 2025-04-03 | 7.2 HIGH | N/A |
| sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. | |||||
| CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | |||||
| CVE-2003-0361 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
| gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp. | |||||
| CVE-2006-3747 | 3 Apache, Canonical, Debian | 3 Http Server, Ubuntu Linux, Debian Linux | 2025-04-03 | 7.6 HIGH | N/A |
| Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. | |||||
| CVE-2004-1027 | 3 Arjsoftware, Debian, Gentoo | 3 Unarj, Debian Linux, Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. | |||||
| CVE-2005-0005 | 6 Debian, Gentoo, Graphicsmagick and 3 more | 6 Debian Linux, Linux, Graphicsmagick and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. | |||||
| CVE-2003-0308 | 2 Debian, Sendmail | 2 Debian Linux, Sendmail | 2025-04-03 | 7.2 HIGH | N/A |
| The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. | |||||
| CVE-2005-4536 | 1 Debian | 1 Libmail-audit-perl | 2025-04-03 | 2.1 LOW | N/A |
| Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file. | |||||
| CVE-2005-1268 | 3 Apache, Debian, Redhat | 5 Http Server, Debian Linux, Enterprise Linux Desktop and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. | |||||
| CVE-2004-0458 | 2 Debian, Nicolas Boullis | 2 Debian Linux, Mah-jong | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. | |||||
| CVE-2004-0398 | 2 Debian, Webdav | 3 Debian Linux, Cadaver, Neon | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client. | |||||
| CVE-2004-0836 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). | |||||
| CVE-2006-1376 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
| The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). | |||||
| CVE-2002-1395 | 1 Debian | 1 Internet Message | 2025-04-03 | 2.1 LOW | N/A |
| Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz. | |||||
| CVE-2005-3302 | 2 Blender, Debian | 2 Blender, Debian Linux | 2025-04-03 | 7.5 HIGH | 7.3 HIGH |
| Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. | |||||
| CVE-2005-3626 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | |||||
| CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
| CVE-2005-1260 | 4 Apple, Bzip, Canonical and 1 more | 4 Mac Os X, Bzip2, Ubuntu Linux and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | |||||