Filtered by vendor Debian
Subscribe
Total
9287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1664 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2025-04-09 | 5.0 MEDIUM | N/A |
| ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality. | |||||
| CVE-2009-1961 | 5 Canonical, Debian, Linux and 2 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-09 | 1.9 LOW | 4.7 MEDIUM |
| The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions. | |||||
| CVE-2006-7098 | 1 Debian | 1 Apache | 2025-04-09 | 6.6 MEDIUM | N/A |
| The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl. | |||||
| CVE-2008-3928 | 1 Debian | 1 Honeyd Common | 2025-04-09 | 6.9 MEDIUM | N/A |
| test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2009-0949 | 5 Apple, Canonical, Debian and 2 more | 7 Cups, Mac Os X, Mac Os X Server and 4 more | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | |||||
| CVE-2007-2837 | 2 Debian, Fireflier | 2 Debian Linux, Fireflier | 2025-04-09 | 3.6 LOW | N/A |
| The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file. | |||||
| CVE-2007-2443 | 3 Canonical, Debian, Mit | 3 Ubuntu Linux, Debian Linux, Kerberos 5 | 2025-04-09 | 8.3 HIGH | N/A |
| Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | |||||
| CVE-2008-4359 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2025-04-09 | 7.5 HIGH | N/A |
| lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. | |||||
| CVE-2007-2875 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. | |||||
| CVE-2008-3831 | 3 Debian, Linux, Openbsd | 3 Linux, Linux Kernel, Linux | 2025-04-09 | 4.7 MEDIUM | N/A |
| The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. | |||||
| CVE-2007-2797 | 3 Debian, Redhat, Xterm | 3 Debian Linux, Enterprise Linux, Xterm | 2025-04-09 | 2.1 LOW | N/A |
| xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals. | |||||
| CVE-2008-4406 | 1 Debian | 1 Xsabre | 2025-04-09 | 7.2 HIGH | N/A |
| A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files. | |||||
| CVE-2007-1663 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2025-04-09 | 5.0 MEDIUM | N/A |
| Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. | |||||
| CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 11 Iphone Os, Safari, Ubuntu Linux and 8 more | 2025-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | |||||
| CVE-2008-0166 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2025-04-09 | 7.8 HIGH | 7.5 HIGH |
| OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. | |||||
| CVE-2007-4476 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Tar | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | |||||
| CVE-2009-1185 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2025-04-09 | 7.2 HIGH | N/A |
| udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. | |||||
| CVE-2007-3798 | 6 Apple, Canonical, Debian and 3 more | 7 Mac Os X, Mac Os X Server, Ubuntu Linux and 4 more | 2025-04-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | |||||
| CVE-2008-2726 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2025-04-09 | 7.8 HIGH | N/A |
| Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | |||||
| CVE-2007-1864 | 4 Canonical, Debian, Php and 1 more | 5 Ubuntu Linux, Debian Linux, Php and 2 more | 2025-04-09 | 7.5 HIGH | N/A |
| Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. | |||||