Vendor CVEs
Debian
All CVEs
3,303 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0430 | 0.00 | — | 0.00 | Jul 2, 2001 | Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. | |||
| CVE-2001-0457 | 0.00 | — | 0.02 | Jun 27, 2001 | man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). | |||
| CVE-2001-0441 | 0.00 | — | 0.03 | Jun 27, 2001 | Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. | |||
| CVE-2001-0456 | 0.00 | — | 0.06 | Jun 27, 2001 | postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. | |||
| CVE-2001-0416 | 0.00 | — | 0.00 | Jun 27, 2001 | sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools. | |||
| CVE-2001-0458 | 0.00 | — | 0.02 | Jun 27, 2001 | Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. | |||
| CVE-2001-1331 | 0.00 | — | 0.00 | May 3, 2001 | mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. | |||
| CVE-2001-0235 | 0.00 | — | 0.00 | Mar 26, 2001 | Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. | |||
| CVE-2000-0315 | 0.00 | — | 0.02 | Mar 12, 2001 | traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. | |||
| CVE-2001-0131 | 0.00 | — | 0.02 | Mar 12, 2001 | htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-0138 | 0.00 | — | 0.00 | Mar 12, 2001 | privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-0125 | 0.00 | — | 0.00 | Mar 12, 2001 | exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. | |||
| CVE-2000-0314 | 0.00 | — | 0.02 | Mar 12, 2001 | traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. | |||
| CVE-2001-0128 | 0.00 | — | 0.00 | Mar 12, 2001 | Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. | |||
| CVE-2001-0139 | 0.00 | — | 0.00 | Mar 12, 2001 | inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2001-0069 | 0.00 | — | 0.00 | Feb 12, 2001 | dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2000-1136 | 0.00 | — | 0.00 | Jan 9, 2001 | elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack. | |||
| CVE-2000-1135 | 0.00 | — | 0.00 | Jan 9, 2001 | fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. | |||
| CVE-2000-0867 | 0.00 | — | 0.00 | Nov 14, 2000 | Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. | |||
| CVE-2000-0606 | 0.00 | — | 0.01 | Jun 21, 2000 | Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter. | |||
| CVE-2000-0510 | 0.00 | — | 0.02 | Jun 21, 2000 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request. | |||
| CVE-2000-0513 | 0.00 | — | 0.02 | Jun 21, 2000 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. | |||
| CVE-2000-0511 | 0.00 | — | 0.02 | Jun 21, 2000 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. | |||
| CVE-2000-0512 | 0.00 | — | 0.02 | Jun 16, 2000 | CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. | |||
| CVE-2000-0289 | 0.00 | — | 0.03 | Mar 27, 2000 | IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. | |||
| CVE-2000-0145 | 0.00 | — | 0.02 | Feb 5, 2000 | The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. | |||
| CVE-2000-0112 | 0.00 | — | 0.00 | Feb 2, 2000 | The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. | |||
| CVE-1999-1330 | 0.00 | — | 0.00 | Dec 31, 1999 | The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf. | |||
| CVE-2000-0076 | 0.00 | — | 0.00 | Dec 30, 1999 | nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. | |||
| CVE-1999-0978 | 0.00 | — | 0.02 | Dec 9, 1999 | htdig allows remote attackers to execute commands via filenames with shell metacharacters. | |||
| CVE-2000-0366 | 0.00 | — | 0.00 | Dec 2, 1999 | dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. | |||
| CVE-1999-0831 | 0.00 | — | 0.01 | Nov 19, 1999 | Denial of service in Linux syslogd via a large number of connections. | |||
| CVE-1999-0832 | 0.00 | — | 0.03 | Nov 9, 1999 | Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. | |||
| CVE-1999-0939 | 0.00 | — | 0.01 | Aug 26, 1999 | Denial of service in Debian IRC Epic/epic4 client via a long string. | |||
| CVE-1999-0872 | 0.00 | — | 0.00 | Aug 25, 1999 | Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. | |||
| CVE-1999-1565 | 0.00 | — | 0.00 | Aug 20, 1999 | Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||
| CVE-1999-0743 | 0.00 | — | 0.00 | Aug 20, 1999 | Trn allows local users to overwrite other users' files via symlinks. | |||
| CVE-1999-0732 | 0.00 | — | 0.00 | Aug 19, 1999 | The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. | |||
| CVE-1999-0742 | 0.00 | — | 0.01 | Jun 22, 1999 | The Debian mailman package uses weak authentication, which allows attackers to gain privileges. | |||
| CVE-1999-1496 | 0.00 | — | 0.01 | Jun 8, 1999 | Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. | |||
| CVE-1999-0434 | 0.00 | — | 0.01 | Mar 30, 1999 | XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | |||
| CVE-2000-0367 | 0.00 | — | 0.00 | Feb 18, 1999 | Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges. | |||
| CVE-1999-0374 | 0.00 | — | 0.00 | Feb 16, 1999 | Debian GNU/Linux cfengine package is susceptible to a symlink attack. | |||
| CVE-1999-0373 | 0.00 | — | 0.00 | Feb 1, 1999 | Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. | |||
| CVE-1999-0457 | 0.00 | — | 0.00 | Jan 17, 1999 | Linux ftpwatch program allows local users to gain root privileges. | |||
| CVE-1999-0389 | 0.00 | — | 0.00 | Jan 3, 1999 | Buffer overflow in the bootp server in the Debian Linux netstd package. | |||
| CVE-1999-1276 | 0.00 | — | 0.00 | Dec 7, 1998 | fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device. | |||
| CVE-1999-1411 | 0.00 | — | 0.02 | Nov 26, 1998 | The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp. | |||
| CVE-1999-1048 | 0.00 | — | 0.01 | Sep 5, 1998 | Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that… | |||
| CVE-1999-0341 | 0.00 | — | 0.00 | Jan 1, 1998 | Buffer overflow in the Linux mail program "deliver" allows local users to gain root access. |