debian vulnerabilities and exploits

1.2
CVSSv2
CVE-2001-1331

mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks....

7.2
CVSSv2
CVE-2007-3912

checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process....

NA
CVE-2019-5788

Debian: CVE-2019-5788: chromium -- security update...

3.6
CVSSv2
CVE-2017-8806

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local...

2.1
CVSSv2
CVE-1999-0732

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links....

7.5
CVSSv2
CVE-2003-0360

Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code....

5
CVSSv2
CVE-2017-5193

The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick....

DebianDebian Linux
2.1
CVSSv2
CVE-2005-0624

reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords....

4.3
CVSSv2
CVE-2009-0931

Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

2.1
CVSSv2
CVE-2019-9706

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error....