Lucene search
K
DebiancveMost viewed

59600 matches found

Debian CVE
Debian CVE
•added 2023/11/01 5:13 p.m.•66 views

CVE-2023-5480

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. Chromium security severity: High...

6.1CVSS7.2AI score0.011EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/10/11 11:55 a.m.•66 views

CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS9.2AI score0.01713EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/08/11 2:37 a.m.•66 views

CVE-2022-40982

Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

6.5CVSS6.5AI score0.03882EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/06/08 8:19 p.m.•66 views

CVE-2023-29404

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

9.8CVSS7.9AI score0.01837EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/01/17 11:35 p.m.•66 views

CVE-2023-21843

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

3.7CVSS4.8AI score0.01357EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•66 views

CVE-2022-26385

In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox 98...

6.5CVSS8.3AI score0.00554EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•66 views

CVE-2022-0843

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit...

8.8CVSS10AI score0.0056EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/10/13 12:0 a.m.•66 views

CVE-2022-42721

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to corrupt a linked list and, in turn, potentially execute code...

5.5CVSS6.4AI score0.00572EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/09/28 12:0 a.m.•66 views

CVE-2022-39261

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...

7.5CVSS7.5AI score0.01488EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/05 12:25 a.m.•66 views

CVE-2022-0792

Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.5CVSS7.8AI score0.0098EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/14 10:15 a.m.•66 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

9.1CVSS8.5AI score0.41861EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/07 3:19 p.m.•66 views

CVE-2021-3739

A NULL pointer dereference flaw was found in the btrfsrmdevice function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAPSYSADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability...

7.1CVSS6.3AI score0.00582EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/03 12:0 a.m.•66 views

CVE-2022-0730

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types...

9.8CVSS9.7AI score0.03458EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/02/20 7:47 p.m.•66 views

CVE-2022-25375

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDISMSGSET command. Attackers can obtain sensitive information from kernel memory...

5.5CVSS6.9AI score0.01054EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/02/18 5:50 p.m.•66 views

CVE-2021-20320

A flaw was found in s390 eBPF JIT in bpfjitinsn in arch/s390/net/bpfjitcomp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem...

5.5CVSS6.9AI score0.00254EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/02/18 5:50 p.m.•66 views

CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction for example, outs or ins using the exit...

8.8CVSS7.1AI score0.00419EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/01/19 12:0 a.m.•66 views

CVE-2022-23221

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...

10CVSS9.1AI score0.64766EPSS
Exploits4
Debian CVE
Debian CVE
•added 2021/12/25 1:5 a.m.•66 views

CVE-2021-45485

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/outputcore.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses...

7.5CVSS6.3AI score0.03615EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/03/19 4:1 a.m.•66 views

CVE-2021-28831

decompressgunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

7.5CVSS7AI score0.02795EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/06/05 12:0 a.m.•66 views

CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution...

10CVSS9.7AI score0.99961EPSS
Exploits27
Debian CVE
Debian CVE
•added 2018/03/26 3:0 p.m.•66 views

CVE-2017-15710

In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...

7.5CVSS6.6AI score0.18197EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/02/08 11:0 p.m.•66 views

CVE-2018-6789

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely...

9.8CVSS9.3AI score0.82238EPSS
Exploits19
Debian CVE
Debian CVE
•added 2016/10/10 10:0 a.m.•66 views

CVE-2016-7117

Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

10CVSS7.4AI score0.24299EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/04/14 2:0 p.m.•66 views

CVE-2015-5343

Integer overflow in util.c in moddavsvn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service subversion server crash or memory consumption and possibly execute arbitrary code via a skel-encoded request body, which...

8CVSS8.2AI score0.30216EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/03/02 12:0 a.m.•66 views

CVE-2016-0703

The getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to...

5.9CVSS8.2AI score0.05398EPSS
Exploits1
Debian CVE
Debian CVE
•added 2015/05/27 10:0 a.m.•66 views

CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

6.2CVSS6.7AI score0.00315EPSS
Exploits0
Debian CVE
Debian CVE
•added 2004/05/05 4:0 a.m.•66 views

CVE-2004-0230

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service connection loss to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP...

5CVSS8.6AI score0.80855EPSS
Exploits3
Debian CVE
Debian CVE
•added 2024/09/07 4:0 p.m.•65 views

CVE-2023-30584

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an...

7.7CVSS7.3AI score0.00379EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/07/08 5:57 p.m.•65 views

CVE-2024-6409

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...

7CVSS7.8AI score0.27935EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/07/01 6:15 p.m.•65 views

CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS9.2AI score0.99957EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/02/22 12:0 a.m.•65 views

CVE-2023-52161

The Access Point functionality in eapolauthkeyhandle in eapol.c in iNet wireless daemon IWD before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...

7.5CVSS7.6AI score0.01103EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/01/08 6:4 p.m.•65 views

CVE-2022-3328

Race condition in snap-confine's mustmkdirandopenwithperms...

7.8CVSS7.5AI score0.00384EPSS
Exploits2
Debian CVE
Debian CVE
•added 2023/08/21 4:52 p.m.•65 views

CVE-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

9.8CVSS7.4AI score0.0143EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/07/24 3:19 p.m.•65 views

CVE-2023-3640

A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...

7.8CVSS6.2AI score0.00719EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/06/26 8:40 p.m.•65 views

CVE-2023-3422

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.4AI score0.00658EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/04/06 3:50 p.m.•65 views

CVE-2023-24537

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5CVSS6.6AI score0.01412EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/02/06 12:0 a.m.•65 views

CVE-2023-0687

Removed by vendor...

9.8CVSS5.2AI score0.01103EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/26 12:0 a.m.•65 views

CVE-2022-41767

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user using reassignEdits.php, the changes will still be attributed to the IP address on Special:Contributions when doing a range...

5.3CVSS5.2AI score0.00641EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/11/01 12:0 a.m.•65 views

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS8.3AI score0.89804EPSS
Exploits6
Debian CVE
Debian CVE
•added 2022/08/25 7:36 p.m.•65 views

CVE-2021-3929

A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...

8.2CVSS7.2AI score0.00643EPSS
Exploits2
Debian CVE
Debian CVE
•added 2022/08/23 12:0 a.m.•65 views

CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

5.5CVSS6AI score0.00634EPSS
Exploits3
Debian CVE
Debian CVE
•added 2022/07/07 12:0 a.m.•65 views

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5CVSS7.7AI score0.3197EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/06/27 12:0 a.m.•65 views

CVE-2022-2207

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

7.8CVSS2.7AI score0.01395EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/04/19 8:37 p.m.•65 views

CVE-2022-21434

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS4.8AI score0.02401EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/08 5:12 p.m.•65 views

CVE-2021-43503

Removed by vendor...

6.7AI score
Exploits2
Debian CVE
Debian CVE
•added 2022/03/30 12:0 a.m.•65 views

CVE-2022-1154

Use after free in utfptr2char in GitHub repository vim/vim prior to 8.2.4646...

7.8CVSS8.7AI score0.01462EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/28 3:45 a.m.•65 views

CVE-2022-27950

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hidparse error condition...

5.5CVSS5.8AI score0.00384EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/25 6:2 p.m.•65 views

CVE-2021-3567

A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability...

7.5CVSS7.7AI score0.01112EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/23 12:50 p.m.•65 views

CVE-2021-25220

BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as th...

6.8CVSS6.8AI score0.0325EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/22 12:0 a.m.•65 views

CVE-2022-24764

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...

7.5CVSS8.5AI score0.02303EPSS
Exploits0
Total number of security vulnerabilities5000