Lucene search
K

19 matches found

OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-13966

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 7:17 p.m.3 views

DEBIAN-CVE-2026-13023

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:17 p.m.3 views

DEBIAN-CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6.5CVSS5.9AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 10:16 p.m.5 views

DEBIAN-CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS5.4AI score0.00166EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 11:17 p.m.5 views

DEBIAN-CVE-2026-11204

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 6:16 p.m.4 views

DEBIAN-CVE-2026-42033

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can a silently intercept and modify every JSON response before the...

7.4CVSS5.4AI score0.00838EPSS
Exploits1References1
OSV
OSV
added 2023/05/05 3:15 p.m.2 views

DEBIAN-CVE-2023-29939

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnvmlir::spirv::TargetEnvAttr...

5.5CVSS5.5AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2023/01/04 4:15 p.m.1 views

DEBIAN-CVE-2023-0049

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143...

7.8CVSS7.5AI score0.00471EPSS
Exploits1References1
OSV
OSV
added 2022/12/23 3:15 p.m.2 views

DEBIAN-CVE-2022-43551

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

7.5CVSS6.5AI score0.1654EPSS
Exploits1References1
OSV
OSV
added 2022/01/21 8:15 p.m.1 views

DEBIAN-CVE-2021-23518

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as instead of Object.createnull in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative...

9.8CVSS8.4AI score0.01943EPSS
Exploits1References1
OSV
OSV
added 2021/09/20 4:15 p.m.4 views

DEBIAN-CVE-2021-32270

An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwidboxdel located in boxcodebase.c. It allows an attacker to cause Denial of Service...

5.5CVSS6.6AI score0.00614EPSS
Exploits1References1
OSV
OSV
added 2020/11/02 9:15 p.m.0 views

DEBIAN-CVE-2020-28034

WordPress before 5.5.2 allows XSS associated with global variables...

6.1CVSS6.6AI score0.017EPSS
Exploits0References1
OSV
OSV
added 2019/05/01 6:29 p.m.3 views

DEBIAN-CVE-2019-11637

An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function recrsetgetprops at rec-rset.c in librec.a, leading to a crash...

6.5CVSS7AI score0.01411EPSS
Exploits1References1
OSV
OSV
added 2017/10/17 1:29 p.m.1 views

DEBIAN-CVE-2017-13084

Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Station-To-Station-Link STSL Transient Key STK during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...

6.8CVSS8.6AI score0.02205EPSS
Exploits0References1
OSV
OSV
added 2016/04/07 11:59 p.m.1 views

DEBIAN-CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service memory corruption and application crash or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow...

9.8CVSS8.4AI score0.254EPSS
Exploits5References1
OSV
OSV
added 2014/02/08 12:55 a.m.1 views

DEBIAN-CVE-2011-4099

The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors...

4.6CVSS6.6AI score0.00379EPSS
Exploits0References1
OSV
OSV
added 2009/12/08 5:30 p.m.1 views

DEBIAN-CVE-2009-3994

Stack-based buffer overflow in the GetUID function in src-IL/src/ildicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted DICOM file...

9.3CVSS8.1AI score0.07032EPSS
Exploits0References1
OSV
OSV
added 2002/12/31 5:0 a.m.4 views

DEBIAN-CVE-2002-1850

modcgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service hang and memory consumption by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script...

7.5CVSS6.6AI score0.17408EPSS
Exploits1References1
Debian
Debian
added 1999/01/17 12:0 a.m.11 views

[SECURITY] ftpwatch package has major security problems

We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and later distributions has a security problem which makes it trivial for users to gain root access. We recommend that you remove the ftpwatch package immediately. We will be working on a new version of ftpwatch to...

2.4AI score
Exploits0
Rows per page
Query Builder