Lucene search
K
DebiancveMost viewed

60161 matches found

Debian CVE
Debian CVE
•added 2019/12/20 4:1 p.m.•81 views

CVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1...

9.8CVSS8.2AI score0.6906EPSS
Exploits3
Debian CVE
Debian CVE
•added 2018/10/19 10:0 p.m.•81 views

CVE-2018-18398

Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...

4.7CVSS4.7AI score0.00322EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/02/23 5:0 p.m.•81 views

CVE-2017-6214

The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service infinite loop and soft lockup via vectors involving a TCP packet with the URG flag...

7.5CVSS7.6AI score0.04666EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/07/12 3:24 p.m.•80 views

CVE-2024-39917

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this...

9.8CVSS7AI score0.00602EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/17 10:27 a.m.•80 views

CVE-2024-26895

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wilcnetdevcleanup currently triggers a KASAN warning, which can be observed on interface registration error path, or simply by removing the...

7.8CVSS6.9AI score0.00235EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/05/17 12:0 a.m.•80 views

CVE-2023-1972

A potential heap based buffer overflow was found in bfdelfslurpversiontables in bfd/elf.c. This may lead to loss of availability...

6.5CVSS6AI score0.00895EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/27 12:0 a.m.•80 views

CVE-2023-0210

A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems...

7.5CVSS6.7AI score0.71737EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/11/09 12:0 a.m.•80 views

CVE-2022-3446

Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.4AI score0.00683EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/06/02 8:51 p.m.•80 views

CVE-2022-32250

net/netfilter/nftablesapi.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFTSTATEFULEXPR check leads to a use-after-free...

7.8CVSS6.5AI score0.03134EPSS
Exploits6
Debian CVE
Debian CVE
•added 2022/04/05 12:25 a.m.•80 views

CVE-2022-0797

Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

8.8CVSS8.9AI score0.01677EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/04 11:55 p.m.•80 views

CVE-2022-0608

Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.3AI score0.01118EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/10/30 1:42 p.m.•80 views

CVE-2018-5735

The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar...

7.5CVSS7.2AI score0.01386EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/03/26 3:0 p.m.•80 views

CVE-2017-15715

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

8.1CVSS6.3AI score0.86006EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/08 3:0 p.m.•80 views

CVE-2017-10198

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS6.8AI score0.02598EPSS
Exploits0
Debian CVE
Debian CVE
•added 2025/02/26 12:0 a.m.•79 views

CVE-2024-53427

decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form ...

8.1CVSS6AI score0.00352EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/11/28 3:31 p.m.•79 views

CVE-2023-46589

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

7.5CVSS7.9AI score0.02651EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/10/23 6:50 a.m.•79 views

CVE-2023-45802

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

5.9CVSS6.6AI score0.03024EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/06/29 12:0 a.m.•79 views

CVE-2023-26966

libtiff 4.5.0 is vulnerable to Buffer Overflow in uvencode when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian...

5.5CVSS7.3AI score0.00422EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/02/08 7:3 p.m.•79 views

CVE-2023-0215

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS7.2AI score0.04494EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/21 9:6 p.m.•79 views

CVE-2022-0979

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.4AI score0.00716EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/06/08 10:0 a.m.•79 views

CVE-2022-26377

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

7.5CVSS8.6AI score0.19008EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/04/05 12:25 a.m.•79 views

CVE-2022-0799

Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file...

8.8CVSS8.8AI score0.00966EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/28 6:53 p.m.•79 views

CVE-2021-4191

Removed by vendor...

5.3CVSS7AI score0.80004EPSS
Exploits4
Debian CVE
Debian CVE
•added 2022/03/11 12:0 a.m.•79 views

CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

6.5CVSS5.9AI score0.00508EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/05 12:0 a.m.•79 views

CVE-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...

7.5CVSS7.3AI score0.03255EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/02 12:0 a.m.•79 views

CVE-2021-3772

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses...

6.5CVSS6.5AI score0.01245EPSS
Exploits0
Debian CVE
Debian CVE
•added 2014/09/25 1:0 a.m.•79 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

10CVSS9.9AI score0.9994EPSS
Exploits17
Debian CVE
Debian CVE
•added 2014/06/10 2:0 p.m.•79 views

CVE-2013-6825

1 movescu.cc and 2 storescp.cc in dcmnet/apps/, 3 dcmnet/libsrc/scp.cc, 4 dcmwlm/libsrc/wlmactmg.cc, 5 dcmprscp.cc and 6 dcmpsrcv.cc in dcmpstat/apps/, 7 dcmpstat/tests/msgserv.cc, and 8 dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call,...

7.2CVSS6.3AI score0.00489EPSS
Exploits1
Debian CVE
Debian CVE
•added 2008/12/08 11:0 p.m.•79 views

CVE-2008-5366

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/probe-finished or 2 /tmp/ppp-errors temporary file...

6.9CVSS8.6AI score0.00384EPSS
Exploits0
Debian CVE
Debian CVE
•added 2025/04/09 12:0 a.m.•78 views

CVE-2025-32464

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...

6.8CVSS6.3AI score0.00688EPSS
Exploits0
Debian CVE
Debian CVE
•added 2025/04/03 4:57 p.m.•78 views

CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS7.5AI score0.00618EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/04 8:37 p.m.•78 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7.9AI score0.91969EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/03/13 2:1 p.m.•78 views

CVE-2024-26629

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASELOCKOWNER The test on socount in nfsd4releaselockowner is nonsense and harmful. Revert to using checkforlocks, changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

5.5CVSS7.3AI score0.00195EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/05/17 12:0 a.m.•78 views

CVE-2023-2203

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of...

8.8CVSS8.6AI score0.00934EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/30 12:0 a.m.•78 views

CVE-2023-27536

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

5.9CVSS6.9AI score0.01566EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/03/22 12:0 a.m.•78 views

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

7.8CVSS7AI score0.0788EPSS
Exploits14
Debian CVE
Debian CVE
•added 2022/10/19 9:20 p.m.•78 views

CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

7.8CVSS7.7AI score0.00756EPSS
Exploits2
Debian CVE
Debian CVE
•added 2022/09/06 5:29 p.m.•78 views

CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

7.5CVSS7.5AI score0.02513EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/09/01 12:0 a.m.•78 views

CVE-2022-1729

A race condition was found the Linux kernel in perfeventopen which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc...

7CVSS6.7AI score0.0031EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/29 2:3 p.m.•78 views

CVE-2022-0400

An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos...

7.5CVSS7.4AI score0.01222EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/25 12:0 a.m.•78 views

CVE-2022-38533

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfdgetl32 when called from the stripmain function in strip-new via a crafted file...

5.5CVSS5.9AI score0.00311EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/19 12:0 a.m.•78 views

CVE-2022-21540

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...

5.3CVSS4.6AI score0.0296EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/06/01 12:0 a.m.•78 views

CVE-2022-27781

libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...

7.5CVSS6.7AI score0.02434EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/04/05 12:25 a.m.•78 views

CVE-2022-0804

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox URL bar via a crafted HTML page...

6.5CVSS7AI score0.00863EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/04 3:52 p.m.•78 views

CVE-2021-3743

An out-of-bounds OOB memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this...

7.1CVSS6.6AI score0.00726EPSS
Exploits1
Debian CVE
Debian CVE
•added 2021/07/21 12:0 a.m.•78 views

CVE-2021-37159

hsofreenetdevice in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregisternetdev without checking for the NETREGREGISTERED state, leading to a use-after-free and a double free...

6.4CVSS6.6AI score0.00395EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/04/28 2:21 a.m.•78 views

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

9.8CVSS7.7AI score0.03095EPSS
Exploits0
Debian CVE
Debian CVE
•added 2020/02/24 9:19 p.m.•78 views

CVE-2020-1938

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS8.9AI score0.9927EPSS
Exploits45
Debian CVE
Debian CVE
•added 2018/08/28 8:0 a.m.•78 views

CVE-2018-15919

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration or...

5.3CVSS5.9AI score0.03557EPSS
Exploits1
Debian CVE
Debian CVE
•added 2016/02/18 9:0 p.m.•78 views

CVE-2015-7547

Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

8.1CVSS8.8AI score0.89557EPSS
Exploits17
Total number of security vulnerabilities5000