Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian debian linux vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-1429
Lintian prior to 2.5.12 allows remote malicious users to gather information about the "host" system using crafted symlinks.
Debian Lintian 2.5.11
Debian Lintian
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 12.04
7.2
CVSSv2
CVE-2011-2910
The AX.25 daemon (ax25d) in ax25-tools prior to 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalat...
Linux-ax25 Ax25-tools
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2021-20001
It exists, that debian-edu-config, a set of configuration files used for the Debian Edu blend, prior to 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
Skolelinux Debian-edu-config
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2011-3374
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Debian Advanced Package Tool
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8 Github repositories
7.2
CVSSv2
CVE-2019-3467
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
Debian Debian-lan-config
Skolelinux Debian-edu-config
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
4.3
CVSSv2
CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5....
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2010-0749
Transmission prior to 1.92 allows malicious users to prevent download of a file by corrupted data during the endgame.
Transmissionbt Transmission
Debian Debian Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 9.0
5.8
CVSSv2
CVE-2016-1000108
yaws prior to 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirect a CG...
Yaws Yaws
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2019-17670
WordPress prior to 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi up to and including 1.0.7 allows an malicious user to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this ...
Gnu Fribidi
Debian Debian Linux 10.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »