Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian dpkg vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2004-2768
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-20...
Debian Dpkg 1.9.21
614
VMScore
CVE-2008-4950
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-...
Debian Dpkg-cross 2.3.0
645
VMScore
CVE-2014-3865
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote malicious users to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) ...
Debian Dpkg-dev 1.3.0
1 EDB exploit
570
VMScore
CVE-2014-3864
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote malicious users to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
Debian Dpkg-dev 1.3.0
668
VMScore
CVE-2022-1664
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-pl...
Debian Dpkg
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Ontap Select Deploy Administration Utility -
1 Github repository
890
VMScore
CVE-2009-1358
apt-get in apt prior to 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote malicious users to trick apt into installing mali...
Debian Advanced Package Tool 0.7.21
Debian Advanced Package Tool 0.7.19
Debian Advanced Package Tool 0.7.16
Debian Advanced Package Tool 0.7.15
Debian Apt 0.7.9
Debian Apt 0.7.8
Debian Advanced Package Tool 0.7.2
Debian Advanced Package Tool 0.7.1
Debian Apt 0.6.46.1
Debian Apt 0.6.46
Debian Apt 0.6.45
Debian Apt 0.6.43.2
Debian Apt 0.6.43.1
Debian Apt 0.6.40.1
Debian Apt 0.6.40
Debian Apt 0.6.33
Debian Apt 0.6.32
Debian Apt 0.6.27
Debian Apt 0.6.20
Debian Apt 0.6.19
Debian Apt 0.6.11
Debian Apt 0.6.10
383
VMScore
CVE-2018-0361
ClamAV prior to 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
Clamav Clamav
Debian Debian Linux 8.0
383
VMScore
CVE-2018-0360
ClamAV prior to 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
Clamav Clamav
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
605
VMScore
CVE-2015-1330
unattended-upgrades prior to 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle malicious users to upload and execute arbitrary pa...
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Unattended-upgrades
890
VMScore
CVE-2009-1300
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
Debian Advanced Package Tool 0.7.20
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »