| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-2387 |
200 |
|
+Info |
2012-08-20 |
2012-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. |
|
2 |
CVE-2012-0698 |
119 |
1
|
DoS Overflow |
2012-11-26 |
2013-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003. |
|
3 |
CVE-2010-0396 |
22 |
|
Dir. Trav. |
2010-03-15 |
2010-03-26 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive. |
|
4 |
CVE-2009-1341 |
200 |
|
DoS +Info |
2009-04-30 |
2012-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. |
|
5 |
CVE-2008-1902 |
|
|
|
2008-04-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL. |
|
6 |
CVE-2007-6284 |
399 |
|
DoS |
2008-01-11 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. |
|
7 |
CVE-2007-4739 |
264 |
|
|
2007-09-06 |
2009-02-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command. |
|
8 |
CVE-2005-4347 |
|
|
|
2005-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver. |
|
9 |
CVE-2005-3624 |
189 |
|
Overflow |
2005-12-31 |
2010-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
|
10 |
CVE-2004-1180 |
|
|
DoS |
2004-02-16 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). |
|
11 |
CVE-2004-1174 |
|
|
DoS |
2005-04-14 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." |
|
12 |
CVE-2004-1145 |
|
|
Bypass |
2004-12-15 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. |
|
13 |
CVE-2004-1142 |
|
|
DoS |
2004-12-15 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. |
|
14 |
CVE-2004-1139 |
|
|
DoS |
2004-12-15 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). |
|
15 |
CVE-2004-1093 |
|
|
DoS |
2005-04-14 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." |
|
16 |
CVE-2004-1092 |
|
|
DoS |
2005-04-14 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. |
|
17 |
CVE-2004-1091 |
|
|
DoS |
2005-04-14 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. |
|
18 |
CVE-2004-1090 |
|
|
DoS |
2005-04-14 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." |
|
19 |
CVE-2004-1014 |
|
|
DoS |
2005-01-10 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. |
|
20 |
CVE-2004-1009 |
|
|
DoS |
2005-04-14 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. |
|
21 |
CVE-2004-0915 |
|
|
|
2005-01-10 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information. |
|
22 |
CVE-2004-0911 |
|
|
DoS |
2004-11-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554. |
|
23 |
CVE-2004-0583 |
|
|
|
2004-08-06 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. |
|
24 |
CVE-2003-0362 |
|
|
DoS Overflow |
2003-06-09 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines. |
|
25 |
CVE-2002-1581 |
|
|
Dir. Trav. |
2004-12-06 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter. |
|
26 |
CVE-2002-1232 |
|
|
DoS |
2002-11-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. |
|
27 |
CVE-2002-0912 |
|
|
DoS Overflow |
2002-10-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow. |
|
28 |
CVE-2001-0977 |
|
|
DoS |
2001-07-16 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. |
|
29 |
CVE-2001-0738 |
|
|
DoS |
2001-10-18 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages. |
|
30 |
CVE-2001-0457 |
|
|
DoS |
2001-06-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). |
|
31 |
CVE-2001-0136 |
|
|
DoS |
2001-03-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. |
|
32 |
CVE-2000-0513 |
|
|
DoS |
2000-06-21 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. |
|
33 |
CVE-2000-0512 |
|
|
DoS |
2000-06-16 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. |
|
34 |
CVE-2000-0511 |
|
|
DoS |
2000-06-21 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. |
|
35 |
CVE-2000-0510 |
|
|
DoS |
2000-06-21 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request. |
|
36 |
CVE-2000-0508 |
|
|
DoS |
1994-12-19 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. |
|
37 |
CVE-2000-0315 |
|
|
|
2001-03-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. |
|
38 |
CVE-2000-0314 |
|
|
|
2001-03-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. |
|
39 |
CVE-2000-0289 |
|
|
|
2000-03-27 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. |
|
40 |
CVE-1999-0986 |
|
|
DoS |
1999-12-08 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. |
|
41 |
CVE-1999-0939 |
|
|
DoS |
1999-08-26 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in Debian IRC Epic/epic4 client via a long string. |
|
42 |
CVE-1999-0831 |
|
|
DoS |
1999-11-19 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in Linux syslogd via a large number of connections. |
|
43 |
CVE-1999-0804 |
|
|
DoS |
1999-06-01 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. |
|
44 |
CVE-1999-0742 |
|
|
+Priv |
1999-06-22 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Debian mailman package uses weak authentication, which allows attackers to gain privileges. |
|
45 |
CVE-1999-0678 |
|
|
|
1999-01-17 |
2008-09-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. |
