Lucene search
K
DebiancveMost viewed

59600 matches found

Debian CVE
Debian CVE
•added 2014/09/30 10:0 a.m.•58 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

10CVSS9AI score0.99621EPSS
Exploits31
Debian CVE
Debian CVE
•added 2014/07/03 1:0 a.m.•58 views

CVE-2014-4608

Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service memory corruption via a crafted Literal Run. NOTE: the author of the LZO...

7.5CVSS6.4AI score0.05421EPSS
Exploits0
Debian CVE
Debian CVE
•added 2014/02/28 2:0 a.m.•58 views

CVE-2014-1690

The help function in net/netfilter/nfnatirc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature...

2.6CVSS6.4AI score0.03849EPSS
Exploits1
Debian CVE
Debian CVE
•added 2014/02/06 10:0 p.m.•58 views

CVE-2013-6393

The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

6.8CVSS7.1AI score0.09312EPSS
Exploits0
Debian CVE
Debian CVE
•added 2013/03/08 10:0 p.m.•58 views

CVE-2011-4969

Removed by vendor...

4.3CVSS7.4AI score0.19191EPSS
Exploits1
Debian CVE
Debian CVE
•added 2008/11/19 5:0 p.m.•58 views

CVE-2008-5161

Error handling in the SSH protocol in 1 SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1;...

3.7CVSS5.9AI score0.15395EPSS
Exploits1
Debian CVE
Debian CVE
•added 2007/07/30 11:0 p.m.•58 views

CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in 1 poppler before 0.5.91, 2 gpdf before 2.8.2, 3 kpdf, 4 kdegraphics, 5 CUPS, 6 PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a...

6.8CVSS7.8AI score0.08565EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/08/17 9:24 a.m.•57 views

CVE-2024-43856

In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmamfreecoherent dmamfreecoherent frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devresdestroy to remove and free the data structure used to track the DMA allocation...

5.5CVSS5.5AI score0.00398EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/05/01 5:19 a.m.•57 views

CVE-2024-26961

In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154llseckeydel mac802154llseckeydel can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. This may lead to...

7.8CVSS7.5AI score0.00239EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/05/01 5:17 a.m.•57 views

CVE-2024-26934

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usbdeauthorizeinterface Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interfaceauthorizedstore function is the only one which acquires a device lock on an ancestor device: ...

7.8CVSS7.7AI score0.0019EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/17 10:10 a.m.•57 views

CVE-2024-26836

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed if Admin password is enabled. Tested on some Thinkpads to...

7.8CVSS6.9AI score0.00231EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/03/02 9:52 p.m.•57 views

CVE-2023-52501

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed th...

7.1CVSS7.2AI score0.0023EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/02/22 12:0 a.m.•57 views

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

6.5CVSS9.5AI score0.01177EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/09/20 12:0 a.m.•57 views

CVE-2023-40619

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the...

9.8CVSS9.9AI score0.01097EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/08/22 11:56 p.m.•57 views

CVE-2023-4427

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

8.1CVSS8.1AI score0.3398EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/07/21 8:47 p.m.•57 views

CVE-2023-3609

A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...

7.8CVSS7.5AI score0.00458EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/04/10 12:0 a.m.•57 views

CVE-2023-1916

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff...

6.1CVSS6.4AI score0.00388EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/03/31 12:0 a.m.•57 views

CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

7.5CVSS7.9AI score0.01588EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/30 12:0 a.m.•57 views

CVE-2023-27535

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

5.9CVSS6.9AI score0.01607EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/02/26 12:0 a.m.•57 views

CVE-2023-26605

In the Linux kernel 6.0.8, there is a use-after-free in inodecgwbmovetoattached in fs/fs-writeback.c, related to listdelentryvalid...

7.8CVSS6.1AI score0.00372EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•57 views

CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...

8.8CVSS8.8AI score0.17103EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/13 3:43 p.m.•57 views

CVE-2022-3996

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

7.5CVSS6.9AI score0.0123EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/11/11 4:35 p.m.•57 views

CVE-2022-3510

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

7.5CVSS6.5AI score0.00483EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/10/17 12:0 a.m.•57 views

CVE-2022-2992

Removed by vendor...

9.9CVSS7.3AI score0.86194EPSS
Exploits5
Debian CVE
Debian CVE
•added 2022/10/16 12:0 a.m.•57 views

CVE-2022-3524

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6renewoptions of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this...

5.5CVSS5.8AI score0.00733EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/09/29 2:35 p.m.•57 views

CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

8.6CVSS7.4AI score0.00555EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/09/05 12:0 a.m.•57 views

CVE-2022-38752

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow...

6.5CVSS7.4AI score0.02015EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/18 10:48 p.m.•57 views

CVE-2020-36599

lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the messagekey value...

9.8CVSS9.5AI score0.01035EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/27 9:16 p.m.•57 views

CVE-2022-1858

Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction...

6.5CVSS7.7AI score0.00652EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/22 11:40 p.m.•57 views

CVE-2022-1146

Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.1AI score0.00747EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/22 12:0 a.m.•57 views

CVE-2022-1134

Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.1AI score0.01589EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/07 12:0 a.m.•57 views

CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.3CVSS6.8AI score0.26915EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/06 12:0 a.m.•57 views

CVE-2022-2318

There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges...

5.5CVSS7AI score0.0041EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/02 12:0 a.m.•57 views

CVE-2022-2286

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0...

7.8CVSS1.6AI score0.013EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/02 12:0 a.m.•57 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS6.2AI score0.00992EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/06/08 10:0 a.m.•57 views

CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi module...

5.3CVSS6.7AI score0.03398EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/06/01 12:0 a.m.•57 views

CVE-2022-27774

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...

5.7CVSS7AI score0.01595EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/05/17 12:0 a.m.•57 views

CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

7.8CVSS7.2AI score0.00386EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/05/03 12:0 a.m.•57 views

CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5CVSS6.9AI score0.0363EPSS
Exploits5
Debian CVE
Debian CVE
•added 2022/04/25 4:35 p.m.•57 views

CVE-2022-0477

Removed by vendor...

4.9CVSS5.8AI score0.00883EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/05 12:26 a.m.•57 views

CVE-2022-0809

Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.2AI score0.01031EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/26 12:0 a.m.•57 views

CVE-2022-27942

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parsempls in common/get.c...

7.8CVSS7.8AI score0.01096EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/14 10:20 p.m.•57 views

CVE-2021-42391

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

6.5CVSS6.6AI score0.01352EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/14 12:0 a.m.•57 views

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.1CVSS8AI score0.01549EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/10 2:50 p.m.•57 views

CVE-2021-32434

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculatebeam at draw.c...

5.5CVSS5.8AI score0.00966EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/08 2:6 p.m.•57 views

CVE-2022-0516

A vulnerability was found in kvms390guestsidaop in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4...

7.8CVSS6.3AI score0.00327EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/03 12:0 a.m.•57 views

CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isisnbnotifications.c...

7.8CVSS7.9AI score0.01068EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/02 10:28 p.m.•57 views

CVE-2021-23191

A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function imageloadjpeg in image.cxx may result in denial of service...

7.8CVSS7.4AI score0.01083EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/02 4:5 a.m.•57 views

CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...

8.8CVSS7.6AI score0.01243EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/02/26 3:14 a.m.•57 views

CVE-2020-36516

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session...

5.9CVSS6.7AI score0.00678EPSS
Exploits0
Total number of security vulnerabilities5000