CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-6273 119 DoS Exec Code Overflow 2014-09-30 2014-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
2 CVE-2014-3686 20 Exec Code 2014-10-15 2014-11-13
6.8
None Remote Medium Not required Partial Partial Partial
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
3 CVE-2014-3564 119 DoS Exec Code Overflow 2014-10-20 2014-11-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
4 CVE-2014-0490 20 Exec Code 2014-11-03 2014-11-04
7.5
None Remote Low Not required Partial Partial Partial
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
5 CVE-2014-0489 20 Exec Code 2014-11-03 2014-11-04
7.5
None Remote Low Not required Partial Partial Partial
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
6 CVE-2014-0479 94 Exec Code 2014-08-06 2014-08-07
6.8
None Remote Medium Not required Partial Partial Partial
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
7 CVE-2014-0469 119 Exec Code Overflow 2014-05-05 2014-05-31
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines.
8 CVE-2013-6475 189 Exec Code Overflow 2014-03-14 2014-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
9 CVE-2013-6474 119 Exec Code Overflow 2014-03-14 2014-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
10 CVE-2013-4852 189 DoS Exec Code Overflow 2013-08-19 2013-09-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
11 CVE-2013-4565 119 DoS Exec Code Overflow 2014-04-25 2014-04-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
12 CVE-2013-4243 119 DoS Exec Code Overflow 2013-09-10 2014-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
13 CVE-2013-4234 119 DoS Exec Code Overflow Mem. Corr. 2013-09-16 2013-09-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.
14 CVE-2013-4233 189 DoS Exec Code Overflow 2013-09-16 2013-09-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.
15 CVE-2013-4232 399 DoS Exec Code 2013-09-10 2014-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted TIFF image.
16 CVE-2013-1049 119 DoS Exec Code Overflow 2013-03-13 2013-03-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response.
17 CVE-2013-0251 119 DoS Exec Code Overflow 2013-03-19 2013-03-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version.
18 CVE-2011-1400 16 Exec Code 2011-03-25 2011-09-07
6.8
None Remote Medium Not required Partial Partial Partial
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.
19 CVE-2009-4015 89 Exec Code Sql 2010-02-02 2010-02-04
7.5
None Remote Low Not required Partial Partial Partial
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
20 CVE-2008-1673 119 DoS Exec Code Overflow 2008-06-09 2012-11-26
10.0
None Remote Low Not required Complete Complete Complete
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
21 CVE-2008-0302 94 Exec Code 2008-01-16 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.
22 CVE-2007-6610 Exec Code 2008-01-03 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
23 CVE-2007-6415 94 Exec Code Bypass 2008-01-24 2008-09-05
8.5
None Remote Low Single system Complete Complete None
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
24 CVE-2007-5365 119 1 DoS Exec Code Overflow 2007-10-11 2011-08-02
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
25 CVE-2007-2839 Exec Code 2007-07-05 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.
26 CVE-2007-2834 189 Exec Code Overflow 2007-09-18 2011-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
27 CVE-2007-0454 Exec Code 2007-02-05 2010-09-15
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
28 CVE-2006-4250 Exec Code Overflow 2007-04-10 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
29 CVE-2005-1854 Exec Code 2005-08-05 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.
30 CVE-2005-0392 Exec Code 2005-05-19 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands.
31 CVE-2005-0107 Exec Code 2005-02-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands.
32 CVE-2005-0076 Exec Code Overflow 2005-05-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.
33 CVE-2005-0073 Exec Code Overflow 2005-05-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.
34 CVE-2005-0005 Exec Code Overflow 2005-05-02 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
35 CVE-2004-1176 DoS Exec Code 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
36 CVE-2004-1175 Exec Code 2005-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
fish.c in midnight commander allows remote attackers execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
37 CVE-2004-1095 Exec Code Overflow 2005-01-10 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c,(7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
38 CVE-2004-1076 Exec Code Overflow 2005-01-10 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.
39 CVE-2004-1052 Exec Code Overflow 2005-03-01 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
40 CVE-2004-1051 Exec Code 2005-03-01 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
41 CVE-2004-0994 Exec Code Overflow 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
42 CVE-2004-0981 Exec Code Overflow 2005-02-09 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
43 CVE-2004-0980 Exec Code 2005-02-09 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
44 CVE-2004-0964 Exec Code Overflow 2005-02-09 2011-09-21
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
45 CVE-2004-0889 DoS Exec Code Overflow 2005-01-27 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
46 CVE-2004-0888 DoS Exec Code Overflow 2005-01-27 2013-08-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
47 CVE-2004-0793 264 Exec Code 2004-10-20 2013-01-11
7.2
Admin Local Low Not required Complete Complete Complete
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.
48 CVE-2004-0579 Exec Code 2004-08-06 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.
49 CVE-2004-0456 Exec Code Overflow 2004-12-06 2008-09-10
7.6
Admin Remote High Not required Complete Complete Complete
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
50 CVE-2004-0451 Exec Code 2004-12-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.
Total number of vulnerabilities : 72   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.