Debian Linux 2.2 Security Vulnerabilities
in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.
CVSS Score: 5.0 | EPSS Score: 0.01 | Published: 2002-10-04
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
CVSS Score: 7.5 | EPSS Score: 0.601 | Published: 2002-07-03
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.
CVSS Score: 7.5 | EPSS Score: 0.058 | Published: 2002-06-18
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2002-05-16
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2002-03-08
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2002-02-27
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
CVSS Score: 3.6 | EPSS Score: 0.001 | Published: 2002-01-31
Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2001-12-31
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
CVSS Score: 6.4 | EPSS Score: 0.025 | Published: 2001-12-06
LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
CVSS Score: 5.0 | EPSS Score: 0.008 | Published: 2001-10-18