| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-1051 | 20 | | | 2013-03-21 | 2013-03-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. |
| 2 | CVE-2013-1049 | 119 | | DoS Exec Code Overflow | 2013-03-13 | 2013-03-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response. |
| 3 | CVE-2013-1048 | 264 | | +Priv | 2013-03-06 | 2013-03-06 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. |
| 4 | CVE-2013-0251 | 119 | | DoS Exec Code Overflow | 2013-03-19 | 2013-03-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version. |
| 5 | CVE-2012-5519 | 264 | | | 2012-11-19 | 2013-03-22 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. |
| 6 | CVE-2012-3587 | 20 | | | 2012-06-19 | 2012-06-26 | 2.6 | None | Remote | High | Not required | None | Partial | None | APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack. |
| 7 | CVE-2012-3453 | 264 | | | 2012-08-07 | 2012-08-08 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files. |
| 8 | CVE-2012-2387 | 200 | | +Info | 2012-08-20 | 2012-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. |
| 9 | CVE-2012-2317 | 310 | | Bypass | 2012-08-07 | 2012-08-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing. |
| 10 | CVE-2012-2251 | 20 | | Bypass | 2013-01-10 | 2013-01-14 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. |
| 11 | CVE-2012-2120 | 264 | | | 2012-05-18 | 2012-05-21 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| 12 | CVE-2012-1586 | 200 | | +Info | 2012-08-27 | 2012-08-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. |
| 13 | CVE-2012-0961 | 200 | | +Info | 2012-12-26 | 2012-12-31 | 2.1 | None | Local | Low | Not required | Partial | None | None | Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file. |
| 14 | CVE-2012-0954 | 20 | | | 2012-06-19 | 2012-06-26 | 2.6 | None | Remote | High | Not required | None | Partial | None | APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. |
| 15 | CVE-2012-0698 | 119 | 1 | DoS Overflow | 2012-11-26 | 2013-04-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. |
| 16 | CVE-2012-0216 | | | +Priv XSS +Info | 2012-04-22 | 2012-08-13 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server. |
| 17 | CVE-2011-1829 | 20 | | | 2011-07-26 | 2011-08-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message. |
| 18 | CVE-2011-1400 | 16 | | Exec Code | 2011-03-25 | 2011-09-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document. |
| 19 | CVE-2011-0721 | 20 | | | 2011-02-18 | 2011-04-08 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. |
| 20 | CVE-2011-0402 | 59 | | | 2011-01-10 | 2011-02-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. |
| 21 | CVE-2010-3369 | | | +Priv | 2010-10-20 | 2010-12-14 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
| 22 | CVE-2010-1679 | 22 | | Dir. Trav. | 2011-01-10 | 2011-02-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. |
| 23 | CVE-2010-0396 | 22 | | Dir. Trav. | 2010-03-15 | 2010-03-26 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive. |
| 24 | CVE-2009-4015 | 89 | | Exec Code Sql | 2010-02-02 | 2010-02-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments. |
| 25 | CVE-2009-4014 | 134 | | | 2010-02-02 | 2010-02-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module. |
| 26 | CVE-2009-4013 | 22 | | Dir. Trav. +Info | 2010-02-02 | 2010-02-03 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems. |
| 27 | CVE-2009-3232 | 287 | | Bypass | 2009-09-17 | 2009-09-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication. |
| 28 | CVE-2009-1962 | 59 | | | 2009-06-07 | 2010-03-06 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. |
| 29 | CVE-2009-1573 | 264 | | +Priv | 2009-05-06 | 2010-05-27 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. |
| 30 | CVE-2009-1358 | | | | 2009-04-21 | 2009-05-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories. |
| 31 | CVE-2009-1341 | 200 | | DoS +Info | 2009-04-30 | 2012-01-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. |
| 32 | CVE-2009-1300 | 20 | | | 2009-04-16 | 2009-05-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight. |
| 33 | CVE-2009-1073 | 264 | | | 2009-03-31 | 2009-04-08 | 4.9 | None | Local | Low | Not required | Complete | None | None | nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field. |
| 34 | CVE-2009-0932 | 22 | | Dir. Trav. | 2009-03-17 | 2011-09-21 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. |
| 35 | CVE-2009-0931 | 79 | | XSS | 2009-03-17 | 2009-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 36 | CVE-2009-0930 | 79 | | XSS | 2009-03-17 | 2009-04-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php. |
| 37 | CVE-2008-5394 | 59 | 1 | | 2008-12-08 | 2009-09-15 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. |
| 38 | CVE-2008-5145 | 59 | | | 2008-11-18 | 2009-03-07 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file. |
| 39 | CVE-2008-5140 | 59 | | | 2008-11-18 | 2012-10-30 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file. |
| 40 | CVE-2008-5135 | 59 | | | 2008-11-18 | 2008-11-18 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | ** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users." |
| 41 | CVE-2008-4996 | 59 | | | 2008-11-07 | 2008-11-10 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | ** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable." |
| 42 | CVE-2008-4975 | 59 | | | 2008-11-06 | 2009-09-15 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file. |
| 43 | CVE-2008-4973 | 59 | | | 2008-11-06 | 2009-09-15 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files. |
| 44 | CVE-2008-4950 | 59 | | | 2008-11-05 | 2009-07-20 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | ** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot." |
| 45 | CVE-2008-4440 | 59 | | | 2008-10-03 | 2008-11-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files. |
| 46 | CVE-2008-4407 | | | DoS | 2008-10-03 | 2008-11-15 | 2.1 | None | Local | Low | Not required | None | None | Partial | XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten. |
| 47 | CVE-2008-4406 | 59 | | | 2008-10-03 | 2009-02-18 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files. |
| 48 | CVE-2008-4126 | 16 | | | 2008-09-18 | 2008-09-19 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099. |
| 49 | CVE-2008-4099 | 16 | | | 2008-09-18 | 2008-09-19 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. |
| 50 | CVE-2008-3930 | 59 | | | 2008-09-04 | 2009-08-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |