Debian_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Debian_linux
(Debian)

Repositories

• https://github.com/torvalds/linux
• https://github.com/ImageMagick/ImageMagick
• https://github.com/WordPress/WordPress
• https://github.com/FFmpeg/FFmpeg
• https://github.com/rdesktop/rdesktop

More/Less (143)

• https://github.com/krb5/krb5
• https://github.com/neomutt/neomutt
• https://github.com/FasterXML/jackson-databind
• https://github.com/file/file
• https://github.com/php/php-src
• https://github.com/the-tcpdump-group/tcpdump
• https://github.com/redmine/redmine
• https://github.com/dbry/WavPack
• https://github.com/rubygems/rubygems
• https://github.com/bcgit/bc-java
• https://github.com/uclouvain/openjpeg
• https://github.com/libgd/libgd
• https://github.com/kyz/libmspack
• https://github.com/mantisbt/mantisbt
• https://github.com/gpac/gpac
• https://github.com/newsoft/libvncserver
• https://github.com/madler/zlib
• https://github.com/libgit2/libgit2
• https://github.com/mdadams/jasper
• https://github.com/FreeRDP/FreeRDP
• https://github.com/mruby/mruby
• https://github.com/uriparser/uriparser
• https://github.com/LibRaw/LibRaw
• https://github.com/ceph/ceph
• https://github.com/verdammelt/tnef
• https://github.com/libevent/libevent
• https://github.com/antirez/redis
• https://github.com/Yeraze/ytnef
• https://github.com/Perl/perl5
• https://github.com/ntp-project/ntp
• https://github.com/openssl/openssl
• https://github.com/LibVNC/libvncserver
• https://github.com/ARMmbed/mbedtls
• https://github.com/inspircd/inspircd
• https://github.com/OTRS/otrs
• https://github.com/python-pillow/Pillow
• https://github.com/perl5-dbi/DBD-mysql
• https://github.com/apache/httpd
• https://github.com/mm2/Little-CMS
• https://github.com/curl/curl
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/jquery/jquery-ui
• https://github.com/openbsd/src
• https://github.com/szukw000/openjpeg
• https://github.com/mysql/mysql-server
• https://github.com/memcached/memcached
• https://github.com/openvswitch/ovs
• https://github.com/SpiderLabs/ModSecurity
• https://github.com/kamailio/kamailio
• https://github.com/vadz/libtiff
• https://github.com/dovecot/core
• https://github.com/znc/znc
• https://github.com/horde/horde
• https://github.com/mono/mono
• git://git.openssl.org/openssl.git
• https://github.com/esnet/iperf
• https://github.com/haproxy/haproxy
• https://github.com/codehaus-plexus/plexus-utils
• https://github.com/ellson/graphviz
• https://github.com/dajobe/raptor
• https://github.com/DanBloomberg/leptonica
• https://github.com/django/django
• https://github.com/collectd/collectd
• https://github.com/weechat/weechat
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/akrennmair/newsbeuter
• https://github.com/dom4j/dom4j
• https://github.com/sleuthkit/sleuthkit
• https://github.com/python/cpython
• https://github.com/zhutougg/c3p0
• https://github.com/golang/go
• https://github.com/westes/flex
• https://github.com/jcupitt/libvips
• https://github.com/codehaus-plexus/plexus-archiver
• https://github.com/openssh/openssh-portable
• https://github.com/jpirko/libndp
• https://github.com/inverse-inc/sogo
• https://github.com/varnish/Varnish-Cache
• https://github.com/varnishcache/varnish-cache
• https://github.com/paramiko/paramiko
• https://github.com/resiprocate/resiprocate
• https://github.com/nih-at/libzip
• https://github.com/twigphp/Twig
• https://github.com/lighttpd/lighttpd1.4
• https://github.com/vim/vim
• https://github.com/smarty-php/smarty
• https://github.com/symfony/symfony
• https://github.com/ansible/ansible
• https://github.com/mapserver/mapserver
• https://github.com/stoth68000/media-tree
• https://github.com/ImageMagick/ImageMagick6
• https://github.com/antlarr/audiofile
• https://github.com/shadow-maint/shadow
• https://github.com/lxml/lxml
• https://github.com/GStreamer/gst-plugins-ugly
• https://github.com/erikd/libsndfile
• https://github.com/ruby/openssl
• https://github.com/beanshell/beanshell
• https://github.com/git/git
• https://github.com/cyu/rack-cors
• https://github.com/Exim/exim
• https://github.com/GNOME/nautilus
• https://github.com/phusion/passenger
• https://github.com/karelzak/util-linux
• https://github.com/apple/cups
• https://github.com/shadowsocks/shadowsocks-libev
• https://github.com/simplesamlphp/simplesamlphp
• https://github.com/GNOME/evince
• https://github.com/torproject/tor
• https://github.com/derickr/timelib
• https://github.com/libarchive/libarchive
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/puppetlabs/puppet
• https://github.com/flori/json
• https://github.com/eldy/awstats
• https://github.com/simplesamlphp/saml2
• https://github.com/anymail/django-anymail
• https://github.com/mpv-player/mpv
• https://github.com/TeX-Live/texlive-source
• https://github.com/vim-syntastic/syntastic
• https://github.com/gosa-project/gosa-core
• https://github.com/Cisco-Talos/clamav-devel
• https://github.com/GNOME/librsvg
• https://github.com/viewvc/viewvc
• https://github.com/moinwiki/moin-1.9
• https://github.com/splitbrain/dokuwiki
• https://github.com/heimdal/heimdal
• https://github.com/openstack/swauth
• https://github.com/bottlepy/bottle
• https://github.com/charybdis-ircd/charybdis
• https://github.com/mjg59/pupnp-code
• https://git.videolan.org/git/vlc.git
• https://github.com/atheme/atheme
• https://github.com/fragglet/lhasa
• https://github.com/neovim/neovim
• https://github.com/Quagga/quagga
• https://github.com/rohe/pysaml2
• https://github.com/PHPMailer/PHPMailer
• https://github.com/Automattic/Genericons
• https://github.com/jmacd/xdelta-devel
• https://github.com/axkibe/lsyncd
• https://github.com/quassel/quassel
• https://github.com/yarolig/didiwiki

#Vulnerabilities

9064

Date	Id	Summary	Products	Score	Patch	Annotated
2001-03-12	CVE-2001-0925	The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.	Http_server, Debian_linux	N/A
2002-10-11	CVE-2002-0839	The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.	Http_server, Debian_linux	N/A
2004-07-07	CVE-2004-0488	Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.	Http_server, Debian_linux, Enterprise_linux_server, Enterprise_linux_workstation	N/A
2004-09-16	CVE-2004-0809	The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.	Http_server, Debian_linux, Linux, Hp\-Ux, Secure_web_server_for_tru64, Mandrake_linux, Enterprise_linux, Enterprise_linux_desktop, Secure_linux, Turbolinux_desktop, Turbolinux_home, Turbolinux_server	N/A
2004-11-03	CVE-2004-0837	MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.	Debian_linux, Mysql, Mysql	N/A
2005-08-16	CVE-2005-2555	Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.	Debian_linux, Linux_kernel	N/A
2006-07-28	CVE-2006-3918	http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.	Http_server, Ubuntu_linux, Debian_linux, Enterprise_linux_server, Enterprise_linux_workstation	N/A
2007-04-22	CVE-2007-2172	A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.	Ubuntu_linux, Debian_linux, Linux_kernel	N/A
2007-10-04	CVE-2007-5191	mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.	Ubuntu_linux, Debian_linux, Fedora, Util\-Linux, Loop\-Aes\-Utils	N/A
2007-12-04	CVE-2007-6206	The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.	Ubuntu_linux, Debian_linux, Linux_kernel, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit	N/A