Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8002 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0402 1 Debian 1 Dpkg 2017-08-17 6.8 MEDIUM N/A
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
CVE-2010-4338 2 Debian, Jwilk 2 Linux, Ocrodjvu 2017-08-17 6.2 MEDIUM N/A
ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.
CVE-2010-1679 1 Debian 1 Dpkg 2017-08-17 6.8 MEDIUM N/A
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
CVE-2010-0394 3 Debian, Edgewall Software, Nanosleep 3 Debian Linux, Trac, Trac-git 2017-08-17 6.8 MEDIUM N/A
PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.
CVE-2010-0396 1 Debian 1 Dpkg 2017-08-17 5.8 MEDIUM N/A
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
CVE-2009-1573 4 Branden Robinson, Debian, Redhat and 1 more 4 Xvfb-run, Debian Linux, Fedora and 1 more 2017-08-17 4.6 MEDIUM N/A
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
CVE-2009-1962 2 Debian, Xfig 2 Debian Linux, Xfig 2017-08-17 4.4 MEDIUM N/A
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
CVE-2004-2768 1 Debian 1 Dpkg 2017-08-17 7.2 HIGH N/A
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
CVE-2008-4973 1 Debian 1 Myspell 2017-08-08 6.9 MEDIUM N/A
i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files.
CVE-2008-5145 1 Debian 1 Ltp 2017-08-08 6.9 MEDIUM N/A
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.
CVE-2008-5140 1 Debian 1 Mailscanner 2017-08-08 6.9 MEDIUM N/A
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
CVE-2008-4553 2 Debian, Qemu 2 Debian Linux, Qemu 2017-08-08 7.2 HIGH N/A
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.
CVE-2008-4908 2 Crossfire, Debian 2 Crossfire, Debian Linux 2017-08-08 3.3 LOW N/A
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-4109 2 Debian, Openbsd 2 Linux, Openssh 2017-08-08 5.0 MEDIUM N/A
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
CVE-2008-3928 1 Debian 1 Honeyd Common 2017-08-08 6.9 MEDIUM N/A
test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-3930 1 Debian 1 Citadel Server 2017-08-08 6.9 MEDIUM N/A
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-4406 1 Debian 1 Xsabre 2017-08-08 7.2 HIGH N/A
A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.
CVE-2008-3216 1 Debian 1 Projectl 2017-08-08 4.6 MEDIUM N/A
The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2008-3330 1 Debian 2 Horde, Turba 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
CVE-2008-1902 1 Debian 1 Aptlinex 2017-08-08 5.0 MEDIUM N/A
The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL.