Debian Linux 3.0 Security Vulnerabilities
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
CVSS Score: 7.5 | EPSS Score: 0.013 | Published: 2005-03-01
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
CVSS Score: 5.0 | EPSS Score: 0.063 | Published: 2005-03-01
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2005-03-01
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
CVSS Score: 10.0 | EPSS Score: 0.015 | Published: 2005-03-01
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
CVSS Score: 10.0 | EPSS Score: 0.84 | Published: 2005-02-09
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
CVSS Score: 10.0 | EPSS Score: 0.016 | Published: 2005-02-09
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
CVSS Score: 10.0 | EPSS Score: 0.072 | Published: 2005-02-09
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVSS Score: 10.0 | EPSS Score: 0.044 | Published: 2005-01-27
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVSS Score: 10.0 | EPSS Score: 0.034 | Published: 2005-01-27
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
CVSS Score: 2.1 | EPSS Score: 0.001 | Published: 2005-01-26

Shodan ® - All rights reserved