Debian

All CVEs

3,303 total · sorted by risk
  • CVE-2004-1145 · Dec 15, 2004
    risk 0.00 · cvss · epss 0.04

    Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read…

  • CVE-2004-0451 · Dec 6, 2004
    risk 0.00 · cvss · epss 0.04

    Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allow remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.

  • CVE-2004-0455 · Dec 6, 2004
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.

  • CVE-2004-0456 · Dec 6, 2004
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.

  • CVE-2004-0837 · Nov 3, 2004
    risk 0.00 · cvss · epss 0.05

    MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

  • CVE-2004-0911 · Nov 3, 2004
    risk 0.00 · cvss · epss 0.03

    telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554.

  • CVE-2004-0793 · Oct 20, 2004
    risk 0.00 · cvss · epss 0.01

    The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.

  • CVE-2004-0408 · Sep 28, 2004
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code.

  • CVE-2004-0643 · Sep 28, 2004
    risk 0.00 · cvss · epss 0.01

    Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

  • CVE-2004-0583 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.02

    The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

  • CVE-2004-0522 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.03

    Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.

  • CVE-2004-0579 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.

  • CVE-2004-0640 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.04

    Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.

  • CVE-2004-0404 · Jul 7, 2004
    risk 0.00 · cvss · epss 0.00

    logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.

  • CVE-2004-0398 · Jul 7, 2004
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

  • CVE-2004-0488 · Jul 7, 2004
    risk 0.00 · cvss · epss 0.38

    Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

  • CVE-2003-0648 · May 4, 2004
    risk 0.00 · cvss · epss 0.05

    Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.

  • CVE-2003-0618 · May 4, 2004
    risk 0.00 · cvss · epss 0.00

    Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

  • CVE-2003-0202 · Apr 15, 2004
    risk 0.00 · cvss · epss 0.00

    The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2004-0160 · Mar 29, 2004
    risk 0.00 · cvss · epss 0.00

    Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.

  • CVE-2003-0828 · Mar 29, 2004
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables.

  • CVE-2004-1180 · Feb 16, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

  • CVE-2003-1022 · Jan 20, 2004
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.

  • CVE-2004-0011 · Jan 20, 2004
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.

  • CVE-2004-1000 · Jan 10, 2004
    risk 0.00 · cvss · epss 0.00

    lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.

  • CVE-2003-0615 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

  • CVE-2003-0538 · Aug 18, 2003
    risk 0.00 · cvss · epss 0.01

    The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program.

  • CVE-2003-0440 · Aug 18, 2003
    risk 0.00 · cvss · epss 0.00

    The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2003-0367 · Jul 2, 2003
    risk 0.00 · cvss · epss 0.00

    znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2003-0382 · Jul 2, 2003
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.

  • CVE-2003-0360 · Jun 9, 2003
    risk 0.00 · cvss · epss 0.02

    Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2003-0361 · Jun 9, 2003
    risk 0.00 · cvss · epss 0.02

    gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.

  • CVE-2003-0362 · Jun 9, 2003
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.

  • CVE-2003-0308 · May 15, 2003
    risk 0.00 · cvss · epss 0.00

    The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

  • CVE-2003-0214 · May 12, 2003
    risk 0.00 · cvss · epss 0.00

    run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2003-0120 · Mar 7, 2003
    risk 0.00 · cvss · epss 0.00

    adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.

  • CVE-2003-0098 · Mar 3, 2003
    risk 0.00 · cvss · epss 0.05

    Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

  • CVE-2002-1395 · Jan 17, 2003
    risk 0.00 · cvss · epss 0.00

    Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.

  • CVE-2002-2185 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively…

  • CVE-2002-1232 · Nov 4, 2002
    risk 0.00 · cvss · epss 0.03

    Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

  • CVE-2002-0839 · Oct 11, 2002
    risk 0.00 · cvss · epss 0.01

    The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be…

  • CVE-2002-0910 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflows in the netstd 3.07-17 package allow remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to.

  • CVE-2002-0912 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.03

    in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.

  • CVE-2002-0062 · Mar 8, 2002
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

  • CVE-2002-0044 · Jan 31, 2002
    risk 0.00 · cvss · epss 0.00

    GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.

  • CVE-2001-0886 · Dec 21, 2001
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

  • CVE-2001-0834 · Dec 6, 2001
    risk 0.00 · cvss · epss 0.03

    htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read…

  • CVE-2001-0738 · Oct 18, 2001
    risk 0.00 · cvss · epss 0.03

    LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

  • CVE-2001-0755 · Oct 18, 2001
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command.

  • CVE-2001-0977 · Jul 16, 2001
    risk 0.00 · cvss · epss 0.04

    slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.