VYPR

Debian

All CVEs

3,303 total · sorted by risk
  • CVE-2005-0073 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.

  • CVE-2005-0387 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2005-0005 · May 2, 2005
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

  • CVE-2005-0018 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.

  • CVE-2005-0077 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

  • CVE-2005-0388 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising."

  • CVE-2005-0076 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.

  • CVE-2005-0078 · May 2, 2005
    risk 0.00 · cvss · epss 0.00

    The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

  • CVE-2004-1342 · Apr 27, 2005
    risk 0.00 · cvss · epss 0.02

    CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.

  • CVE-2005-0206 · Apr 27, 2005
    risk 0.00 · cvss · epss 0.03

    The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

  • CVE-2005-0159 · Apr 27, 2005
    risk 0.00 · cvss · epss 0.00

    The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2004-1341 · Apr 19, 2005
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www.

  • CVE-2004-1004 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.02

    Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

  • CVE-2004-1090 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.02

    Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

  • CVE-2004-1005 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.02

    Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

  • CVE-2004-1174 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.01

    direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

  • CVE-2004-1093 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.02

    Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

  • CVE-2005-0004 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.01

    The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

  • CVE-2004-1176 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.03

    Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2004-1175 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.02

    fish.c in Midnight Commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

  • CVE-2004-1091 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.02

    Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

  • CVE-2004-1092 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.02

    Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

  • CVE-2004-1009 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.03

    Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

  • CVE-2004-1001 · Mar 1, 2005
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.

  • CVE-2004-0986 · Mar 1, 2005
    risk 0.00 · cvss · epss 0.02

    Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

  • CVE-2004-1051 · Mar 1, 2005
    risk 0.00 · cvss · epss 0.01

    sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

  • CVE-2004-1027 · Mar 1, 2005
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

  • CVE-2004-1052 · Mar 1, 2005
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

  • CVE-2005-0625 · Feb 28, 2005
    risk 0.00 · cvss · epss 0.00

    reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.

  • CVE-2005-0624 · Feb 28, 2005
    risk 0.00 · cvss · epss 0.00

    reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.

  • CVE-2005-0107 · Feb 25, 2005
    risk 0.00 · cvss · epss 0.02

    bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands.

  • CVE-2004-0981 · Feb 9, 2005
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.

  • CVE-2004-0980 · Feb 9, 2005
    risk 0.00 · cvss · epss 0.04

    Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.

  • CVE-2004-0889 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.06

    Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

  • CVE-2004-1340 · Jan 26, 2005
    risk 0.00 · cvss · epss 0.00

    Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.

  • CVE-2004-0915 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.01

    Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.

  • CVE-2004-1014 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.02

    statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

  • CVE-2004-1076 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.01

    Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.

  • CVE-2004-0994 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.05

    Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and…

  • CVE-2004-0770 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.00

    romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.

  • CVE-2004-2569 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file.

  • CVE-2004-1343 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).

  • CVE-2004-1387 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

  • CVE-2004-1179 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories.

  • CVE-2004-0984 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.

  • CVE-2004-0564 · Dec 23, 2004
    risk 0.00 · cvss · epss 0.00

    Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run…

  • CVE-2004-1336 · Dec 23, 2004
    risk 0.00 · cvss · epss 0.00

    The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2004-0833 · Dec 23, 2004
    risk 0.00 · cvss · epss 0.03

    Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.

  • CVE-2004-1142 · Dec 15, 2004
    risk 0.00 · cvss · epss 0.02

    Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

  • CVE-2004-1139 · Dec 15, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
