Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian debian linux vulnerabilities and exploits
(subscribe to this query)
6.3
CVSSv3
CVE-2013-1429
Lintian prior to 2.5.12 allows remote malicious users to gather information about the "host" system using crafted symlinks.
Debian Lintian 2.5.11
Debian Lintian
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 12.04
6.7
CVSSv3
CVE-2011-2910
The AX.25 daemon (ax25d) in ax25-tools prior to 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalat...
Linux-ax25 Ax25-tools
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2019-3467
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
Debian Debian-lan-config
Skolelinux Debian-edu-config
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
9.8
CVSSv3
CVE-2021-20001
It exists, that debian-edu-config, a set of configuration files used for the Debian Edu blend, prior to 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
Skolelinux Debian-edu-config
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
3.7
CVSSv3
CVE-2011-3374
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Debian Advanced Package Tool
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8 Github repositories
5.9
CVSSv3
CVE-2021-39365
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Gnome Grilo
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2017-6927
Drupal 8.4.x versions prior to 8.4.5 and Drupal 7.x versions prior to 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This fu...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
NA
CVE-2009-2687
The exif_read_data function in the Exif module in PHP prior to 5.2.10 allows remote malicious users to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
Php Php
Debian Debian Linux 5.0
Debian Debian Linux 4.0
Debian Debian Linux 6.0
8.2
CVSSv3
CVE-2011-1408
ikiwiki prior to 3.20110608 allows remote malicious users to hijack root's tty and run symlink attacks.
Ikiwiki Ikiwiki
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2021-28711
Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically re...
Xen Xen -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »