Filtered by vendor Debian
Subscribe
Total
8236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11729 | 2 Davical, Debian | 2 Andrew\'s Web Libraries, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful. | |||||
| CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | |||||
| CVE-2011-1489 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2020-08-18 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. | |||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2020-08-18 | 6.3 MEDIUM | 4.7 MEDIUM |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | |||||
| CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2020-08-18 | 10.0 HIGH | 9.8 CRITICAL |
| In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | |||||
| CVE-2011-2187 | 2 Debian, Xscreensaver Project | 2 Debian Linux, Xscreensaver | 2020-08-18 | 4.6 MEDIUM | 7.8 HIGH |
| xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | |||||
| CVE-2011-2515 | 3 Debian, Packagekit Project, Redhat | 3 Debian Linux, Packagekit, Enterprise Linux Server | 2020-08-18 | 4.6 MEDIUM | 5.3 MEDIUM |
| PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. | |||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2020-08-18 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2020-08-18 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2007-5743 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2020-08-18 | 4.3 MEDIUM | 7.5 HIGH |
| viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | |||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2020-08-18 | 3.6 LOW | 7.1 HIGH |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | |||||
| CVE-2011-3596 | 2 Debian, Polipo Project | 2 Debian Linux, Polipo | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. | |||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2020-08-18 | 4.6 MEDIUM | 7.8 HIGH |
| atop: symlink attack possible due to insecure tempfile handling | |||||
| CVE-2011-3630 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2020-08-18 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. | |||||
| CVE-2011-3631 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2020-08-18 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. | |||||
| CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string. | |||||
| CVE-2011-4082 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | |||||
| CVE-2011-4350 | 2 Debian, Yaws | 2 Debian Linux, Yaws | 2020-08-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request. | |||||
| CVE-2011-4625 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | |||||
| CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | |||||