Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 9295 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5511 3 Canonical, Debian, Mozilla 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2025-04-09 4.3 MEDIUM N/A
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
CVE-2007-0994 2 Debian, Mozilla 3 Debian Linux, Firefox, Seamonkey 2025-04-09 6.8 MEDIUM N/A
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
CVE-2009-1891 5 Apache, Canonical, Debian and 2 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2025-04-09 7.1 HIGH N/A
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
CVE-2008-2812 7 Avaya, Canonical, Debian and 4 more 15 Communication Manager, Expanded Meet-me Conferencing, Intuity Audix Lx and 12 more 2025-04-09 7.2 HIGH 7.8 HIGH
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
CVE-2007-6415 1 Debian 1 Debian Linux 2025-04-09 8.5 HIGH N/A
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
CVE-2009-3939 7 Avaya, Canonical, Debian and 4 more 18 Aura Application Enablement Services, Aura Communication Manager, Aura Session Manager and 15 more 2025-04-09 6.6 MEDIUM 7.1 HIGH
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
CVE-2009-0115 8 Avaya, Christophe.varoqui, Debian and 5 more 11 Intuity Audix Lx, Message Networking, Messaging Storage Server and 8 more 2025-04-09 7.2 HIGH 7.8 HIGH
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
CVE-2008-3930 1 Debian 1 Citadel Server 2025-04-09 6.9 MEDIUM N/A
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2006-6942 2 Debian, Phpmyadmin 2 Debian Linux, Phpmyadmin 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2008-0932 3 Debian, Redhat, The Sword Project 4 Debian Linux, Fedora, Diatheke Front End and 1 more 2025-04-09 7.5 HIGH N/A
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.
CVE-2008-0302 1 Debian 1 Apt-listchanges 2025-04-09 7.2 HIGH N/A
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.
CVE-2008-5018 3 Canonical, Debian, Mozilla 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2025-04-09 10.0 HIGH N/A
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
CVE-2008-5140 1 Debian 1 Mailscanner 2025-04-09 6.9 MEDIUM N/A
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
CVE-2009-0932 1 Debian 2 Horde, Horde Groupware 2025-04-09 6.4 MEDIUM N/A
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
CVE-2009-1073 1 Debian 2 Debian Linux, Nss-ldap 2025-04-09 4.9 MEDIUM 5.5 MEDIUM
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
CVE-2007-5795 2 Debian, Gnu 2 Debian Linux, Emacs 2025-04-09 6.3 MEDIUM N/A
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
CVE-2008-0411 6 Debian, Ghostscript, Mandrakesoft and 3 more 14 Debian Linux, Ghostscript, Mandrake Linux and 11 more 2025-04-09 6.8 MEDIUM N/A
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
CVE-2009-1962 2 Debian, Xfig 2 Debian Linux, Xfig 2025-04-09 4.4 MEDIUM N/A
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
CVE-2008-1945 6 Canonical, Debian, Opensuse and 3 more 9 Ubuntu Linux, Debian Linux, Opensuse and 6 more 2025-04-09 2.1 LOW N/A
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
CVE-2007-3409 3 Canonical, Debian, Net-dns 3 Ubuntu Linux, Debian Linux, Net\ 2025-04-09 4.3 MEDIUM 7.5 HIGH
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.