debian vulnerabilities and exploits

6.5
CVSSv2
CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball....

5
CVSSv2
CVE-2015-7542

An issue exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates....

1.9
CVSSv2
CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the...

GnupgLibgcryptDebianDebian Linux
4
CVSSv2
CVE-2011-4350

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request....

YawsDebianDebian Linux
3.6
CVSSv2
CVE-2011-3632

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks....

6.8
CVSSv2
CVE-2011-3631

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and...

6.8
CVSSv2
CVE-2011-3630

Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it,...

4.3
CVSSv2
CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack....

DebianAptDebian Linux
5
CVSSv2
CVE-2011-3596

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request....

9
CVSSv2
CVE-2012-6639

An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data....