Lucene search
K
DebiancveMost viewed

60235 matches found

Debian CVE
Debian CVE
•added 2019/04/15 2:23 p.m.•71 views

CVE-2019-0232

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...

9.3CVSS8.4AI score0.99652EPSS
Exploits9
Debian CVE
Debian CVE
•added 2018/03/09 8:0 p.m.•71 views

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

8.1CVSS8.3AI score0.06179EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/01/18 11:0 p.m.•71 views

CVE-2015-9251

Removed by vendor...

6.1CVSS6.9AI score0.29726EPSS
Exploits2
Debian CVE
Debian CVE
•added 2017/07/04 6:0 p.m.•71 views

CVE-2017-10803

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...

8.5CVSS6.6AI score0.0359EPSS
Exploits2
Debian CVE
Debian CVE
•added 2017/05/18 6:13 a.m.•71 views

CVE-2017-9048

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more...

7.5CVSS8.4AI score0.04888EPSS
Exploits1
Debian CVE
Debian CVE
•added 2015/11/16 9:0 p.m.•71 views

CVE-2015-8215

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service packet loss via a value that is 1 smaller than the minimum compliant value or 2 larger than the MTU of a...

5CVSS6.6AI score0.03693EPSS
Exploits0
Debian CVE
Debian CVE
•added 2012/09/06 6:0 p.m.•71 views

CVE-2012-1107

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service application crash via a crafted sampleRate in an ape file, which triggers a divide-by-zero error...

4.3CVSS4.4AI score0.01827EPSS
Exploits1
Debian CVE
Debian CVE
•added 2010/10/08 8:0 p.m.•71 views

CVE-2010-2938

arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure VMCS implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux RHEL 5, when an Intel platform without Extended Page Tables EPT functionality is used, accesses VMCS fields without verifying hardware support for these...

4.9CVSS1.9AI score0.00346EPSS
Exploits1
Debian CVE
Debian CVE
•added 2025/04/22 12:0 a.m.•70 views

CVE-2024-58250

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

9.3CVSS5.2AI score0.00196EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/16 3:14 p.m.•70 views

CVE-2024-3863

The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

9.8CVSS8AI score0.00812EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/12/22 4:16 p.m.•70 views

CVE-2023-49088

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in...

6.1CVSS5.6AI score0.01268EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/07/22 4:17 a.m.•70 views

CVE-2023-3247

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

4.3CVSS5.5AI score0.00709EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/06/02 12:0 a.m.•70 views

CVE-2023-0767

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS7.8AI score0.00817EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/23 12:0 a.m.•70 views

CVE-2023-20861

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

6.5CVSS6.4AI score0.0097EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/01/02 12:0 a.m.•70 views

CVE-2022-0801

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. Chrome security severity: Medium...

6.1CVSS7AI score0.00545EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/10/16 12:0 a.m.•70 views

CVE-2022-3523

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to...

5.3CVSS5.9AI score0.00862EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/26 3:25 p.m.•70 views

CVE-2021-3735

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset ahciresetport while handling a host-to-device Register FIS Frame Information Structure packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host...

4.4CVSS4.6AI score0.0019EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/28 9:8 p.m.•70 views

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8CVSS8.1AI score0.70276EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/05 12:50 p.m.•70 views

CVE-2022-33741

Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...

7.1CVSS6.4AI score0.00322EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/05/17 7:15 p.m.•70 views

CVE-2022-28192

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager nvidia.ko, where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequenc...

4.1CVSS4.1AI score0.00218EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/05/05 12:0 a.m.•70 views

CVE-2022-24903

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code...

8.1CVSS7.6AI score0.03821EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/12 7:14 p.m.•70 views

CVE-2022-27377

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Itemfuncin::cleanup, which is exploited via specially crafted SQL statements...

7.5CVSS8AI score0.02337EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/04/05 12:25 a.m.•70 views

CVE-2022-0798

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

8.8CVSS9.6AI score0.00664EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/16 2:4 p.m.•70 views

CVE-2022-0918

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The...

7.5CVSS6.6AI score0.05914EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/16 9:50 a.m.•70 views

CVE-2021-46705

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2...

5.1CVSS5.7AI score0.00236EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/04 5:19 p.m.•70 views

CVE-2021-3428

A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4escacheextent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem...

5.5CVSS6.3AI score0.00296EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/02 2:27 p.m.•70 views

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...

7.5CVSS7.7AI score0.0193EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/02/24 3:37 p.m.•70 views

CVE-2022-24687

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...

6.5CVSS6.2AI score0.01366EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/02/18 12:0 a.m.•70 views

CVE-2022-0585

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file...

6.5CVSS4.4AI score0.02374EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/02/09 10:4 p.m.•70 views

CVE-2021-33120

Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel AtomR Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access...

5.5CVSS5.7AI score0.01017EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/02/01 1:46 a.m.•70 views

CVE-2021-46667

MariaDB before 10.6.5 has a sqllex.cc integer overflow, leading to an application crash...

5.5CVSS8AI score0.00425EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/01/07 12:0 a.m.•70 views

CVE-2021-44528

A open redirect vulnerability exists in Action Pack = 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...

6.1CVSS5.8AI score0.04182EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/11/04 6:39 p.m.•70 views

CVE-2021-43389

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c...

5.5CVSS6.5AI score0.00669EPSS
Exploits1
Debian CVE
Debian CVE
•added 2021/02/24 12:0 a.m.•70 views

CVE-2021-27645

The nameserver caching daemon nscd in the GNU C Library aka glibc or libc6 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c...

2.5CVSS5.7AI score0.00374EPSS
Exploits0
Debian CVE
Debian CVE
•added 2020/04/29 12:0 a.m.•70 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9CVSS6.8AI score0.8383EPSS
Exploits6
Debian CVE
Debian CVE
•added 2020/01/09 2:41 p.m.•70 views

CVE-2019-19332

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVMGETEMULATEDCPUID' ioctl2 request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device...

6.1CVSS7.3AI score0.00679EPSS
Exploits1
Debian CVE
Debian CVE
•added 2019/10/11 6:16 p.m.•70 views

CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network...

7.8CVSS8.2AI score0.72105EPSS
Exploits27
Debian CVE
Debian CVE
•added 2019/09/30 12:3 p.m.•70 views

CVE-2019-16994

In the Linux kernel before 5.0, a memory leak exists in sitinitnet in net/ipv6/sit.c when registernetdev fails to register sitn-fbtunneldev, which may cause denial of service, aka CID-07f12b26e21a...

4.7CVSS6.4AI score0.00454EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/12/22 10:0 a.m.•70 views

CVE-2017-16995

The checkaluop function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging incorrect sign extension...

7.8CVSS6.9AI score0.30052EPSS
Exploits16
Debian CVE
Debian CVE
•added 2016/10/10 10:0 a.m.•70 views

CVE-2016-7117

Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

10CVSS7.4AI score0.24299EPSS
Exploits0
Debian CVE
Debian CVE
•added 2013/07/19 10:0 a.m.•70 views

CVE-2012-3414

Cross-site scripting XSS vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...

4.3CVSS5.6AI score0.09088EPSS
Exploits10
Debian CVE
Debian CVE
•added 1976/01/01 12:0 a.m.•70 views

CVE-2021-38577

Removed by vendor...

6.8AI score
Exploits0
Debian CVE
Debian CVE
•added 2024/03/27 12:0 a.m.•69 views

CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

3.3CVSS5.9AI score0.02242EPSS
Exploits3
Debian CVE
Debian CVE
•added 2024/01/26 1:2 a.m.•69 views

CVE-2024-0402

Removed by vendor...

9.9CVSS7.5AI score0.03302EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/12/21 10:26 p.m.•69 views

CVE-2023-7024

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.3AI score0.07356EPSS
Exploits2
Debian CVE
Debian CVE
•added 2023/12/07 12:0 a.m.•69 views

CVE-2023-41913

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKESAINIT message...

9.8CVSS9.9AI score0.0229EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/09/13 4:50 p.m.•69 views

CVE-2023-2680

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750...

8.2CVSS7.3AI score0.00241EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/08/22 12:0 a.m.•69 views

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

10CVSS6.9AI score0.01401EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/06/08 8:19 p.m.•69 views

CVE-2023-29402

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

9.8CVSS7.2AI score0.01708EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/02/14 7:56 p.m.•69 views

CVE-2023-25577

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...

7.5CVSS7.1AI score0.0142EPSS
Exploits0
Total number of security vulnerabilities5000