Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 7552 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1679 1 Debian 1 Dpkg 2017-08-17 6.8 MEDIUM N/A
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
CVE-2010-0394 3 Debian, Edgewall Software, Nanosleep 3 Debian Linux, Trac, Trac-git 2017-08-17 6.8 MEDIUM N/A
PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.
CVE-2010-0396 1 Debian 1 Dpkg 2017-08-17 5.8 MEDIUM N/A
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
CVE-2009-1962 2 Debian, Xfig 2 Debian Linux, Xfig 2017-08-17 4.4 MEDIUM N/A
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
CVE-2009-1573 4 Branden Robinson, Debian, Redhat and 1 more 4 Xvfb-run, Debian Linux, Fedora and 1 more 2017-08-17 4.6 MEDIUM N/A
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
CVE-2004-2768 1 Debian 1 Dpkg 2017-08-17 7.2 HIGH N/A
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
CVE-2008-5140 1 Debian 1 Mailscanner 2017-08-08 6.9 MEDIUM N/A
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
CVE-2008-5145 1 Debian 1 Ltp 2017-08-08 6.9 MEDIUM N/A
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.
CVE-2008-4973 1 Debian 1 Myspell 2017-08-08 6.9 MEDIUM N/A
i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files.
CVE-2008-3930 1 Debian 1 Citadel Server 2017-08-08 6.9 MEDIUM N/A
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-3928 1 Debian 1 Honeyd Common 2017-08-08 6.9 MEDIUM N/A
test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-4908 2 Crossfire, Debian 2 Crossfire, Debian Linux 2017-08-08 3.3 LOW N/A
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-4553 2 Debian, Qemu 2 Debian Linux, Qemu 2017-08-08 7.2 HIGH N/A
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.
CVE-2008-4406 1 Debian 1 Xsabre 2017-08-08 7.2 HIGH N/A
A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.
CVE-2008-4109 2 Debian, Openbsd 2 Linux, Openssh 2017-08-08 5.0 MEDIUM N/A
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
CVE-2008-3216 1 Debian 1 Projectl 2017-08-08 4.6 MEDIUM N/A
The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2008-3330 1 Debian 2 Horde, Turba 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
CVE-2008-1901 1 Debian 1 Aptlinex 2017-08-08 7.2 HIGH N/A
aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.
CVE-2008-1877 1 Debian 1 Tss 2017-08-08 2.1 LOW N/A
tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges.
CVE-2008-1902 1 Debian 1 Aptlinex 2017-08-08 5.0 MEDIUM N/A
The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL.