VulnerableCode Package Details - pkg:deb/debian/systemtap@0.0.20061028-2

Vulnerabilities affecting this package (12)

Vulnerability	Summary	Fixed by
VCID-5u9b-wt99-abc1 Aliases: CVE-2009-4273	stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.	1.2-5+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-a7f8-43dc-ybeh Aliases: CVE-2011-2503	The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.	1.7-1+deb7u1 Affected by 0 other vulnerabilities.
VCID-ahku-a889-kbbb Aliases: CVE-2010-4170		1.2-5+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-b1gq-kp4d-mfft Aliases: CVE-2011-1781	SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing).	1.7-1+deb7u1 Affected by 0 other vulnerabilities.
VCID-bnxv-sxep-skb3 Aliases: CVE-2009-0784	Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.	1.2-5+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-dtxj-1p3h-rbbp Aliases: CVE-2011-2502	runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument.	1.7-1+deb7u1 Affected by 0 other vulnerabilities.
VCID-ekgm-pcga-fubk Aliases: CVE-2010-4171		1.2-5+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-n9d4-jqru-wfc3 Aliases: CVE-2009-2911	SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.	1.2-5+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ryza-4vez-7fa9 Aliases: CVE-2012-0875	A vulnerability in SystemTap could allow a local attacker to create a Denial of Service condition.	1.7-1+deb7u1 Affected by 0 other vulnerabilities.
VCID-sk3w-757s-p7h1 Aliases: CVE-2010-0412	stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.	1.2-5+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tjhr-z66v-cqgf Aliases: CVE-2011-1769	SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.	1.7-1+deb7u1 Affected by 0 other vulnerabilities.
VCID-yn9n-7h5e-8fbg Aliases: CVE-2010-0411	Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.	1.2-5+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Next non-vulnerable version	1.7-1+deb7u1
Latest non-vulnerable version	1.7-1+deb7u1
Risk	7.8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T12:19:29.759474+00:00	Debian Oval Importer	Affected by	VCID-ekgm-pcga-fubk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T12:12:01.652030+00:00	Debian Oval Importer	Affected by	VCID-tjhr-z66v-cqgf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T10:39:55.465923+00:00	Debian Oval Importer	Affected by	VCID-n9d4-jqru-wfc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T08:56:55.131795+00:00	Debian Oval Importer	Affected by	VCID-5u9b-wt99-abc1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T07:15:03.764796+00:00	Debian Oval Importer	Affected by	VCID-ryza-4vez-7fa9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T06:53:14.171992+00:00	Debian Oval Importer	Affected by	VCID-dtxj-1p3h-rbbp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T06:20:47.295362+00:00	Debian Oval Importer	Affected by	VCID-b1gq-kp4d-mfft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T04:00:44.872915+00:00	Debian Oval Importer	Affected by	VCID-yn9n-7h5e-8fbg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T03:51:16.218110+00:00	Debian Oval Importer	Affected by	VCID-sk3w-757s-p7h1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T03:49:15.748494+00:00	Debian Oval Importer	Affected by	VCID-ahku-a889-kbbb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T03:39:01.596114+00:00	Debian Oval Importer	Affected by	VCID-bnxv-sxep-skb3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T01:56:04.875175+00:00	Debian Oval Importer	Affected by	VCID-a7f8-43dc-ybeh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0