Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 9011 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3120 2 Debian, Invisible-island 2 Debian Linux, Lynx 2024-11-21 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
CVE-2005-3111 1 Debian 1 Backupninja 2024-11-21 2.1 LOW N/A
The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.
CVE-2005-3106 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 1.2 LOW 4.7 MEDIUM
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
CVE-2005-3055 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 2.1 LOW N/A
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
CVE-2005-2960 2 Debian, Gnu 2 Debian Linux, Cfengine 2024-11-21 2.1 LOW N/A
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
CVE-2005-2700 3 Apache, Canonical, Debian 3 Http Server, Ubuntu Linux, Debian Linux 2024-11-21 10.0 HIGH N/A
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
CVE-2005-2557 3 Debian, Gentoo, Mantis 3 Debian Linux, Linux, Mantis 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
CVE-2005-2555 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-20 4.6 MEDIUM N/A
Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.
CVE-2005-2498 2 Debian, Gggeek 2 Debian Linux, Phpxmlrpc 2024-11-20 7.5 HIGH N/A
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
CVE-2005-2459 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-20 5.0 MEDIUM N/A
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.
CVE-2005-2456 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-20 2.1 LOW 5.5 MEDIUM
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
CVE-2005-2351 2 Debian, Mutt 2 Debian Linux, Mutt 2024-11-20 2.1 LOW 5.5 MEDIUM
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
CVE-2005-2214 1 Debian 1 Apt-setup 2024-11-20 4.6 MEDIUM N/A
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2005-2088 2 Apache, Debian 2 Http Server, Debian Linux 2024-11-20 4.3 MEDIUM N/A
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2005-1921 5 Debian, Drupal, Gggeek and 2 more 5 Debian Linux, Drupal, Phpxmlrpc and 2 more 2024-11-20 7.5 HIGH N/A
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2005-1920 2 Debian, Kde 2 Debian Linux, Kde 2024-11-20 5.0 MEDIUM 7.5 HIGH
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
CVE-2005-1916 2 Debian, Ekg Project 2 Debian Linux, Ekg 2024-11-20 2.1 LOW 5.5 MEDIUM
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
CVE-2005-1855 2 Debian, Sukria 2 Debian Linux, Backup Manager 2024-11-20 2.1 LOW N/A
Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.
CVE-2005-1854 1 Debian 1 Apt-cacher 2024-11-20 7.5 HIGH N/A
Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.
CVE-2005-1796 2 Debian, Ettercap 2 Debian Linux, Ettercap 2024-11-20 7.5 HIGH N/A
Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.