Total
8596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5049 | 2 Debian, Mortbay | 2 Debian Linux, Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebApp JSP Snoop page XSS in jetty though 6.1.21. | |||||
| CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | |||||
| CVE-2009-5045 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dump Servlet information leak in jetty before 6.1.22. | |||||
| CVE-2009-5043 | 2 Burn Project, Debian | 2 Burn, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| burn allows file names to escape via mishandled quotation marks | |||||
| CVE-2009-5042 | 2 Debian, Python-docutils Project | 2 Debian Linux, Python-docutils | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| python-docutils allows insecure usage of temporary files | |||||
| CVE-2009-3723 | 2 Debian, Sangoma | 2 Debian Linux, Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| asterisk allows calls on prohibited networks | |||||
| CVE-2009-3614 | 2 Debian, Noping | 2 Debian Linux, Liboping | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| liboping 1.3.2 allows users reading arbitrary files upon the local system. | |||||
| CVE-2008-7291 | 2 Debian, Gri Project | 2 Debian Linux, Gri | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| gri before 2.12.18 generates temporary files in an insecure way. | |||||
| CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | |||||
| CVE-2007-5743 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | |||||
| CVE-2007-0899 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | |||||
| CVE-2006-4245 | 2 Archivemail Project, Debian | 2 Archivemail, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. | |||||
| CVE-2005-4890 | 3 Debian, Redhat, Sudo Project | 4 Debian Linux, Shadow, Enterprise Linux and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | |||||
| CVE-2005-2351 | 2 Debian, Mutt | 2 Debian Linux, Mutt | 2024-11-20 | 2.1 LOW | 5.5 MEDIUM |
| Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | |||||
| CVE-2024-46952 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-14 | N/A | 7.8 HIGH |
| An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). | |||||
| CVE-2009-5047 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2024-02-04 | N/A | N/A |
| Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) "Cookie Dump Servlet" and 2) Http Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a consonant string (string including only letters). | |||||