CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian » Debian Linux » 3.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-0454 134 Exec Code 2007-02-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
2 CVE-2006-2661 476 DoS 2006-05-30 2021-04-05
5.0
None Remote Low Not required None None Partial
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
3 CVE-2006-2016 79 XSS 2006-04-25 2020-11-16
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
4 CVE-2006-0050 2006-03-23 2017-07-20
1.2
None Local High Not required None Partial None
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.
5 CVE-2006-0042 DoS 2006-02-18 2018-11-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
6 CVE-2005-4347 2005-12-31 2018-10-04
5.0
None Remote Low Not required Partial None None
The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.
7 CVE-2005-4178 Exec Code Overflow 2005-12-12 2018-10-30
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
8 CVE-2005-3626 399 DoS 2005-12-31 2018-10-19
5.0
None Remote Low Not required None None Partial
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
9 CVE-2005-3625 399 DoS 2005-12-31 2018-10-19
10.0
None Remote Low Not required Complete Complete Complete
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
10 CVE-2005-3624 189 Overflow 2005-12-31 2018-10-19
5.0
None Remote Low Not required None Partial None
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
11 CVE-2005-3323 2005-10-27 2018-10-03
7.5
None Remote Low Not required Partial Partial Partial
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.
12 CVE-2005-1260 400 DoS 2005-05-19 2020-11-13
5.0
None Remote Low Not required None None Partial
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
13 CVE-2005-0211 119 DoS Exec Code Overflow 2005-05-02 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
14 CVE-2005-0206 Overflow 2005-04-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
15 CVE-2005-0159 2005-04-27 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
16 CVE-2005-0076 Exec Code Overflow 2005-05-02 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.
17 CVE-2004-1340 +Info 2005-01-26 2017-07-11
2.1
None Local Low Not required Partial None None
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
18 CVE-2004-1176 DoS Exec Code 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
19 CVE-2004-1175 Exec Code 2005-04-14 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
20 CVE-2004-1174 DoS 2005-04-14 2017-07-11
5.0
None Remote Low Not required None None Partial
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
21 CVE-2004-1093 DoS 2005-04-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
22 CVE-2004-1092 DoS 2005-04-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
23 CVE-2004-1091 DoS 2005-04-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
24 CVE-2004-1090 DoS 2005-04-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
25 CVE-2004-1014 DoS 2005-01-10 2018-10-19
5.0
None Remote Low Not required None None Partial
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
26 CVE-2004-1009 DoS 2005-04-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
27 CVE-2004-1005 Overflow 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
28 CVE-2004-1004 2005-04-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
29 CVE-2004-0996 2005-01-10 2017-07-11
2.1
None Local Low Not required None Partial None
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
30 CVE-2004-0986 2005-03-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
31 CVE-2004-0980 Exec Code 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
32 CVE-2004-0915 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.
33 CVE-2004-0889 DoS Exec Code Overflow 2005-01-27 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
34 CVE-2004-0888 DoS Exec Code Overflow 2005-01-27 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
35 CVE-2004-0837 DoS 2004-11-03 2019-12-17
2.6
None Remote High Not required None None Partial
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
36 CVE-2004-0836 119 DoS Exec Code Overflow 2004-11-03 2019-12-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).
37 CVE-2004-0835 2004-11-03 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
38 CVE-2004-0833 2004-12-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
39 CVE-2004-0770 2005-01-10 2017-07-11
2.1
None Local Low Not required None Partial None
romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.
40 CVE-2004-0643 415 Exec Code 2004-09-28 2021-02-02
4.6
None Local Low Not required Partial Partial Partial
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
41 CVE-2004-0642 415 Exec Code 2004-09-28 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
42 CVE-2004-0583 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
43 CVE-2004-0579 Exec Code 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.
44 CVE-2004-0564 2004-12-23 2017-07-11
2.1
None Local Low Not required None Partial None
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.
45 CVE-2004-0522 Bypass 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
46 CVE-2004-0456 Exec Code Overflow 2004-12-06 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
47 CVE-2004-0455 120 Exec Code Overflow 2004-12-06 2020-12-09
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.
48 CVE-2004-0451 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.
49 CVE-2004-0434 787 Exec Code Overflow 2004-07-07 2020-11-16
10.0
None Remote Low Not required Complete Complete Complete
k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.
50 CVE-2004-0398 787 Exec Code Overflow 2004-07-07 2020-10-09
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
Total number of vulnerabilities : 64   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.