Vulnerabilities > Debian > Dpkg > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-04-26 | CVE-2017-8283 | Path Traversal vulnerability in Debian Dpkg | 7.5
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
network, low complexity; debian; CWE-22

2015-12-03 | CVE-2015-0860 | Numeric Errors vulnerability in multiple products | 7.5
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
network, low complexity; canonical, debian; CWE-189

2014-05-14 | CVE-2014-3127 | Path Traversal vulnerability in Debian Dpkg | 7.1
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package.
network, high complexity; debian; CWE-22

2010-06-08 | CVE-2004-2768 | Permissions, Privileges, and Access Controls vulnerability in Debian Dpkg 1.9.21 | 7.2
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.
local, low complexity; debian; CWE-264