Debian Lintian vulnerabilities

6 known vulnerabilities affecting debian/lintian.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1LOW1

Vulnerabilities

Page 1 of 1
CVE-2013-1429MEDIUMCVSS 6.3fixed in 2.5.10.5v2.5.112019-11-07
CVE-2013-1429 [MEDIUM] CWE-59 CVE-2013-1429: Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using cr Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
nvd
CVE-2017-8829HIGHCVSS 7.8≤ 2.5.50.32017-05-08
CVE-2017-8829 [HIGH] CWE-502 CVE-2017-8829: Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
nvd
CVE-2009-4013CRITICALCVSS 9.8≥ 1.23.0, ≤ 1.23.28≥ 1.24.0, ≤ 1.24.2.1+1 more2010-02-02
CVE-2009-4013 [CRITICAL] CWE-22 CVE-2009-4013: Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24. Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
nvd
CVE-2009-4015HIGHCVSS 7.5v1.23.0v1.23.1+58 more2010-02-02
CVE-2009-4015 [HIGH] CWE-89 CVE-2009-4015: Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attacker Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
nvd
CVE-2009-4014HIGHCVSS 7.5v1.23.0v1.23.1+59 more2010-02-02
CVE-2009-4014 [HIGH] CWE-134 CVE-2009-4014: Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, a Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.
nvd
CVE-2004-1000LOWCVSS 2.1v1.2_0.17.12004-01-10
CVE-2004-1000 [LOW] CVE-2004-1000: lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
nvd