CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-3310 119 DoS Overflow 2015-04-24 2015-05-11
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
2 CVE-2015-3012 79 XSS 2015-05-08 2015-05-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.
3 CVE-2015-2776 20 DoS 2015-03-31 2015-04-01
4.3
None Remote Medium Not required None None Partial
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.
4 CVE-2015-2684 20 DoS 2015-03-31 2015-04-01
4.0
None Remote Low Single system None None Partial
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.
5 CVE-2015-2317 79 XSS 2015-03-25 2015-05-11
4.3
None Remote Medium Not required None Partial None
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
6 CVE-2015-1572 119 Exec Code Overflow 2015-02-24 2015-03-31
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
7 CVE-2015-0840 284 Bypass 2015-04-13 2015-04-14
4.3
None Remote Medium Not required None Partial None
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
8 CVE-2015-0247 119 Exec Code Overflow 2015-02-17 2015-03-31
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
9 CVE-2014-9713 264 2015-04-01 2015-04-01
4.0
None Remote Low Single system None Partial None
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
10 CVE-2014-9273 119 Exec Code Overflow +Priv 2014-12-08 2015-03-11
4.6
User Local Low Not required Partial Partial Partial
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
11 CVE-2014-9272 79 XSS 2015-01-09 2015-01-12
4.3
None Remote Medium Not required None Partial None
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
12 CVE-2014-9271 79 XSS 2015-01-09 2015-01-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.
13 CVE-2014-8867 17 DoS 2014-12-01 2015-04-13
4.9
None Local Low Not required None None Complete
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
14 CVE-2014-8866 17 DoS 2014-12-01 2015-03-17
4.7
None Local Medium Not required None None Complete
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
15 CVE-2014-8150 Http R.Spl. 2015-01-15 2015-05-11
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
16 CVE-2014-7817 20 Exec Code 2014-11-24 2015-03-17
4.6
None Local Low Not required Partial Partial Partial
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
17 CVE-2014-4510 352 XSS 2014-10-06 2014-10-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
18 CVE-2014-0478 20 2014-06-17 2014-06-26
4.0
None Remote High Not required None Partial Partial
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
19 CVE-2013-6476 264 +Priv 2014-03-14 2014-03-17
4.4
None Local Medium Not required Partial Partial Partial
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
20 CVE-2013-1051 20 2013-03-21 2013-03-22
4.3
None Remote Medium Not required None Partial None
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
21 CVE-2013-1048 264 +Priv 2013-03-06 2013-03-06
4.6
None Local Low Not required Partial Partial Partial
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
22 CVE-2012-2317 310 Bypass 2012-08-07 2012-08-08
4.3
None Remote Medium Not required None Partial None
The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.
23 CVE-2012-2251 20 Bypass 2013-01-10 2013-01-14
4.4
None Local Medium Not required Partial Partial Partial
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
24 CVE-2012-0216 +Priv XSS +Info 2012-04-22 2012-08-13
4.4
None Local Medium Not required Partial Partial Partial
The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
25 CVE-2011-4613 264 Bypass 2014-02-05 2014-02-24
4.6
None Local Low Not required Partial Partial Partial
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
26 CVE-2011-1829 20 2011-07-26 2011-08-01
4.3
None Remote Medium Not required None Partial None
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
27 CVE-2009-1962 59 2009-06-07 2010-03-06
4.4
None Local Medium Not required Partial Partial Partial
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
28 CVE-2009-1573 264 +Priv 2009-05-06 2010-05-27
4.6
None Local Low Not required Partial Partial Partial
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
29 CVE-2009-1073 264 2009-03-31 2009-04-08
4.9
None Local Low Not required Complete None None
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
30 CVE-2009-0931 79 XSS 2009-03-17 2009-03-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
31 CVE-2009-0930 79 XSS 2009-03-17 2009-04-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.
32 CVE-2008-3330 79 XSS 2008-07-27 2009-04-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
33 CVE-2008-3216 59 2008-07-18 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.
34 CVE-2008-2137 264 DoS 2008-05-29 2012-03-19
4.4
User Local Medium Not required Partial Partial Partial
The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.
35 CVE-2006-4250 Exec Code Overflow 2007-04-10 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
36 CVE-2006-1566 +Priv 2006-03-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.
37 CVE-2006-1565 +Priv 2006-03-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.
38 CVE-2006-1564 +Priv 2006-03-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
39 CVE-2005-4728 +Priv 2005-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory.
40 CVE-2005-2557 XSS 2005-09-28 2008-09-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
41 CVE-2005-2214 +Info 2005-07-11 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
42 CVE-2005-0159 2005-04-27 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
43 CVE-2005-0078 2005-05-02 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
44 CVE-2005-0073 Exec Code Overflow 2005-05-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.
45 CVE-2005-0004 2005-04-14 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
46 CVE-2004-1001 2005-03-01 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
47 CVE-2003-0615 XSS 2003-08-27 2013-07-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
48 CVE-2003-0440 2003-08-18 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
49 CVE-2003-0382 Overflow +Priv 2003-07-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.
50 CVE-2003-0214 2003-05-12 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Total number of vulnerabilities : 57   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.