Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dpkg vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2004-2768
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-20...
Debian Dpkg 1.9.21
6.9
CVSSv2
CVE-2008-4950
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-...
Debian Dpkg-cross 2.3.0
6.4
CVSSv2
CVE-2014-3864
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote malicious users to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
Debian Dpkg-dev 1.3.0
6.4
CVSSv2
CVE-2014-3865
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote malicious users to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) ...
Debian Dpkg-dev 1.3.0
1 EDB exploit
7.5
CVSSv2
CVE-2022-1664
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-pl...
Debian Dpkg
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Ontap Select Deploy Administration Utility -
1 Github repository
5.1
CVSSv2
CVE-2010-0405
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 prior to 1.0.6 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Bzip Bzip2 1.0
Bzip Bzip2 0.9.5 A
Bzip Bzip2 0.9.5 D
Bzip Bzip2 0.9.5 C
Bzip Bzip2 0.9 A
Bzip Bzip2 0.9.5d
Bzip Bzip2 0.9.0a
Bzip Bzip2 0.9.0
Bzip Bzip2 0.9 C
Bzip Bzip2 1.0.3
Bzip Bzip2 1.0.2
Bzip Bzip2 0.9.5a
Bzip Bzip2 0.9.5b
Libzip2 Libzip2
Bzip Bzip2 0.9.0c
Bzip Bzip2 0.9
Bzip Bzip2 1.0.1
Bzip Bzip2 0.9.5c
Bzip Bzip2 0.9 B
Bzip Bzip2 0.9.5 B
Bzip Bzip2 1.0.4
Bzip Bzip2 0.9.0b
6.9
CVSSv2
CVE-2008-4984
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings script...
Freedesktop Scratchbox2 1.99.0.24
5
CVSSv2
CVE-2005-1849
inftrees.h in zlib 1.2.2 allows remote malicious users to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
Zlib Zlib 1.2.2
6.8
CVSSv2
CVE-2015-1330
unattended-upgrades prior to 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle malicious users to upload and execute arbitrary pa...
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Unattended-upgrades
2.1
CVSSv2
CVE-2021-32556
It exists that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Canonical Apport
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »