Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8776 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3618 2 Atop Project, Debian 2 Atop, Debian Linux 2019-11-14 4.6 MEDIUM 7.8 HIGH
atop: symlink attack possible due to insecure tempfile handling
CVE-2010-3440 2 Babiloo Project, Debian 2 Babiloo, Debian Linux 2019-11-14 3.3 LOW 5.5 MEDIUM
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
CVE-2012-1572 2 Debian, Openstack 2 Debian Linux, Keystone 2019-11-14 5.0 MEDIUM 7.5 HIGH
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
CVE-2011-2897 3 Debian, Gnome, Redhat 3 Debian Linux, Gdk-pixbuf, Enterprise Linux 2019-11-14 7.5 HIGH 9.8 CRITICAL
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
CVE-2011-4625 2 Debian, Simplesamlphp 2 Debian Linux, Simplesamlphp 2019-11-13 5.0 MEDIUM 7.5 HIGH
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
CVE-2010-2450 2 Debian, Shibboleth 2 Debian Linux, Service Provider 2019-11-13 5.0 MEDIUM 7.5 HIGH
The script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
CVE-2007-6745 2 Clamav, Debian 2 Clamav, Debian Linux 2019-11-13 7.5 HIGH 9.8 CRITICAL
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.
CVE-2013-6364 2 Debian, Horde 2 Debian Linux, Groupware 2019-11-13 6.8 MEDIUM 8.8 HIGH
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
CVE-2013-1809 2 Debian, Gambas Project 2 Debian Linux, Gambas 2019-11-13 6.4 MEDIUM 7.5 HIGH
Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.
CVE-2005-2351 2 Debian, Mutt 2 Debian Linux, Mutt 2019-11-13 2.1 LOW 5.5 MEDIUM
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
CVE-2009-5046 2 Debian, Eclipse 2 Debian Linux, Jetty 2019-11-13 4.3 MEDIUM 6.1 MEDIUM
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
CVE-2009-5045 2 Debian, Eclipse 2 Debian Linux, Jetty 2019-11-13 5.0 MEDIUM 7.5 HIGH
Dump Servlet information leak in jetty before 6.1.22.
CVE-2013-5123 5 Debian, Fedoraproject, Pypa and 2 more 6 Debian Linux, Fedora, Pip and 3 more 2019-11-12 4.3 MEDIUM 5.9 MEDIUM
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVE-2009-3614 2 Debian, Noping 2 Debian Linux, Liboping 2019-11-12 2.1 LOW 3.3 LOW
liboping 1.3.2 allows users reading arbitrary files upon the local system.
CVE-2012-0051 2 Debian, Tahoe-lafs 2 Debian Linux, Tahoe-lafs 2019-11-12 5.8 MEDIUM 7.4 HIGH
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.
CVE-2013-1811 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2019-11-09 4.0 MEDIUM 4.3 MEDIUM
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
CVE-2012-0049 3 Debian, Fedoraproject, Openttd 3 Debian Linux, Fedora, Openttd 2019-11-09 4.0 MEDIUM 4.3 MEDIUM
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
CVE-2007-5743 2 Debian, Viewvc 2 Debian Linux, Viewvc 2019-11-09 4.3 MEDIUM 7.5 HIGH
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
CVE-2019-17362 2 Debian, Libtom 2 Debian Linux, Libtomcrypt 2019-11-09 6.4 MEDIUM 9.1 CRITICAL
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
CVE-2008-7291 2 Debian, Gri Project 2 Debian Linux, Gri 2019-11-08 7.5 HIGH 9.8 CRITICAL
gri before 2.12.18 generates temporary files in an insecure way.