Lucene search
K
DebiancveMost viewed

60081 matches found

Debian CVE
Debian CVE
•added 2022/03/14 12:0 a.m.•72 views

CVE-2022-24577

GPAC 1.0.1 is affected by a NULL pointer dereference in gfutf8wcslen. gfutf8wcslen is a renamed Unicode utf8wcslen function...

7.8CVSS8.2AI score0.0117EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/06 12:0 a.m.•72 views

CVE-2022-26496

In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBDOPTINFO or NBDOPTGO message with an large value as the length of the name...

9.8CVSS9.7AI score0.0347EPSS
Exploits2
Debian CVE
Debian CVE
•added 2022/03/02 10:17 p.m.•72 views

CVE-2021-3715

A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...

7.8CVSS7.1AI score0.00353EPSS
Exploits2
Debian CVE
Debian CVE
•added 2022/02/22 1:41 a.m.•72 views

CVE-2022-25636

net/netfilter/nfdupnetdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nftablesoffload...

7.8CVSS6.9AI score0.02633EPSS
Exploits6
Debian CVE
Debian CVE
•added 2022/02/02 11:48 a.m.•72 views

CVE-2022-21724

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...

9.8CVSS8.8AI score0.0301EPSS
Exploits1
Debian CVE
Debian CVE
•added 2021/08/23 12:0 a.m.•72 views

CVE-2021-39144

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.5CVSS8.9AI score0.9851EPSS
Exploits6
Debian CVE
Debian CVE
•added 2020/09/11 12:0 a.m.•72 views

CVE-2020-14330

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

5.5CVSS6.9AI score0.00568EPSS
Exploits1
Debian CVE
Debian CVE
•added 2019/09/26 2:7 p.m.•72 views

CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

6.1CVSS5.9AI score0.81466EPSS
Exploits4
Debian CVE
Debian CVE
•added 2019/04/08 9:31 p.m.•72 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

7.8CVSS7.2AI score0.65005EPSS
Exploits8
Debian CVE
Debian CVE
•added 2025/04/19 12:0 a.m.•71 views

CVE-2023-26819

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as "a": true, "b": null,9999999999999999999999999999999999999999999999912345678901234567...

2.9CVSS4.4AI score0.00196EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/03/15 6:3 p.m.•71 views

CVE-2024-2193

A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...

5.7CVSS5.7AI score0.01231EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/05/26 5:2 p.m.•71 views

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

6.1CVSS7AI score0.02782EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/04/12 11:16 a.m.•71 views

CVE-2023-1829

A use-after-free vulnerability in the Linux Kernel traffic control index filter tcindex can be exploited to achieve local privilege escalation. The tcindexdelete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later...

7.8CVSS7.3AI score0.01029EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/10/02 12:0 a.m.•71 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS7AI score0.02824EPSS
Exploits2
Debian CVE
Debian CVE
•added 2022/09/19 12:0 a.m.•71 views

CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in processrequest function...

7.5CVSS6.1AI score0.01413EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/09/01 12:0 a.m.•71 views

CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

7.8CVSS4.2AI score0.00573EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/23 3:50 p.m.•71 views

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

7.5CVSS6.1AI score0.01375EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/27 9:19 p.m.•71 views

CVE-2022-1872

Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page...

4.3CVSS6AI score0.00456EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/26 9:56 p.m.•71 views

CVE-2022-1639

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.5AI score0.00735EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/29 12:0 a.m.•71 views

CVE-2022-1015

A flaw was found in the Linux kernel in linux/net/netfilter/nftablesapi.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue...

6.6CVSS6.7AI score0.01467EPSS
Exploits10
Debian CVE
Debian CVE
•added 2022/04/05 12:25 a.m.•71 views

CVE-2022-0800

Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.4AI score0.00997EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/05 12:25 a.m.•71 views

CVE-2022-0790

Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS9.5AI score0.00918EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/02 8:36 p.m.•71 views

CVE-2022-28356

In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/afllc.c...

5.5CVSS6.3AI score0.00582EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/28 6:53 p.m.•71 views

CVE-2022-0751

Removed by vendor...

8.8CVSS7.3AI score0.01391EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/10 7:20 p.m.•71 views

CVE-2022-23042

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7CVSS6.8AI score0.00244EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/02/18 4:24 a.m.•71 views

CVE-2022-25315

In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames...

9.8CVSS8.8AI score0.04781EPSS
Exploits1
Debian CVE
Debian CVE
•added 2021/09/16 2:40 p.m.•71 views

CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

7.5CVSS7.7AI score0.64509EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/01/20 3:22 p.m.•71 views

CVE-2020-25684

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query,...

4.3CVSS4.6AI score0.04041EPSS
Exploits2
Debian CVE
Debian CVE
•added 2018/01/18 11:0 p.m.•71 views

CVE-2015-9251

Removed by vendor...

6.1CVSS6.9AI score0.29726EPSS
Exploits2
Debian CVE
Debian CVE
•added 2017/07/27 9:0 p.m.•71 views

CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS7.6AI score0.49024EPSS
Exploits4
Debian CVE
Debian CVE
•added 2017/07/04 6:0 p.m.•71 views

CVE-2017-10803

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...

8.5CVSS6.6AI score0.0359EPSS
Exploits2
Debian CVE
Debian CVE
•added 2016/06/27 10:0 a.m.•71 views

CVE-2016-1583

The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stack memory consumption via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling...

7.8CVSS6.8AI score0.01393EPSS
Exploits2
Debian CVE
Debian CVE
•added 2015/11/16 9:0 p.m.•71 views

CVE-2015-8215

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service packet loss via a value that is 1 smaller than the minimum compliant value or 2 larger than the MTU of a...

5CVSS6.6AI score0.03693EPSS
Exploits0
Debian CVE
Debian CVE
•added 2011/09/06 7:0 p.m.•71 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS7.2AI score0.73327EPSS
Exploits4
Debian CVE
Debian CVE
•added 2010/10/08 8:0 p.m.•71 views

CVE-2010-2938

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure VMCS implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux RHEL 5, when an Intel platform without Extended Page Tables EPT functionality is used, accesses VMCS fields without verifying hardware support for these...

4.9CVSS1.9AI score0.00346EPSS
Exploits1
Debian CVE
Debian CVE
•added 2025/04/22 12:0 a.m.•70 views

CVE-2024-58250

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

9.3CVSS5.2AI score0.00198EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/16 3:14 p.m.•70 views

CVE-2024-3863

The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

9.8CVSS8AI score0.00812EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/12/22 4:16 p.m.•70 views

CVE-2023-49088

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in...

6.1CVSS5.6AI score0.01268EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/07/22 4:17 a.m.•70 views

CVE-2023-3247

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

4.3CVSS5.5AI score0.00709EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/06/02 12:0 a.m.•70 views

CVE-2023-0767

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS7.8AI score0.00817EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/23 12:0 a.m.•70 views

CVE-2023-20861

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

6.5CVSS6.4AI score0.0097EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/01/02 12:0 a.m.•70 views

CVE-2022-0801

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. Chrome security severity: Medium...

6.1CVSS7AI score0.00545EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/10/16 12:0 a.m.•70 views

CVE-2022-3523

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to...

5.3CVSS5.9AI score0.00862EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/26 3:25 p.m.•70 views

CVE-2021-3735

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset ahciresetport while handling a host-to-device Register FIS Frame Information Structure packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host...

4.4CVSS4.6AI score0.0019EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/28 9:8 p.m.•70 views

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8CVSS8.1AI score0.70276EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/05 12:50 p.m.•70 views

CVE-2022-33741

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

7.1CVSS6.4AI score0.00318EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/05/17 7:15 p.m.•70 views

CVE-2022-28192

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager nvidia.ko, where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequenc...

4.1CVSS4.1AI score0.00218EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/05/05 12:0 a.m.•70 views

CVE-2022-24903

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code...

8.1CVSS7.6AI score0.03821EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/19 8:38 p.m.•70 views

CVE-2022-21496

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS4.9AI score0.02651EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/12 7:14 p.m.•70 views

CVE-2022-27377

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Itemfuncin::cleanup, which is exploited via specially crafted SQL statements...

7.5CVSS8AI score0.02337EPSS
Exploits1
Total number of security vulnerabilities5000