Lucene search
K
DebiancveMost viewed

60205 matches found

Debian CVE
Debian CVE
•added 2023/07/21 8:47 p.m.•57 views

CVE-2023-3609

A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...

7.8CVSS7.5AI score0.00458EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/07/18 8:18 p.m.•57 views

CVE-2023-22043

Vulnerability in Oracle Java SE component: JavaFX. The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability...

5.9CVSS4.8AI score0.00974EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/04/10 12:0 a.m.•57 views

CVE-2023-1916

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff...

6.1CVSS6.4AI score0.00388EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/03/30 12:0 a.m.•57 views

CVE-2023-27535

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

5.9CVSS6.9AI score0.01607EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/02/26 12:0 a.m.•57 views

CVE-2023-26605

In the Linux kernel 6.0.8, there is a use-after-free in inodecgwbmovetoattached in fs/fs-writeback.c, related to listdelentryvalid...

7.8CVSS6.1AI score0.00372EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/02/03 12:0 a.m.•57 views

CVE-2023-25139

sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a...

9.8CVSS8.8AI score0.01423EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•57 views

CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...

8.8CVSS8.8AI score0.17103EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/11/11 4:35 p.m.•57 views

CVE-2022-3510

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

7.5CVSS6.5AI score0.00483EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/10/17 12:0 a.m.•57 views

CVE-2022-2992

Removed by vendor...

9.9CVSS7.3AI score0.86194EPSS
Exploits5
Debian CVE
Debian CVE
•added 2022/09/05 12:0 a.m.•57 views

CVE-2022-38752

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow...

6.5CVSS7.4AI score0.02015EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/23 12:0 a.m.•57 views

CVE-2021-3997

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp...

5.5CVSS6.4AI score0.01561EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/08/18 10:48 p.m.•57 views

CVE-2020-36599

lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the messagekey value...

9.8CVSS9.5AI score0.01035EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/27 9:16 p.m.•57 views

CVE-2022-1858

Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction...

6.5CVSS7.7AI score0.00676EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/22 11:40 p.m.•57 views

CVE-2022-1146

Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.1AI score0.00747EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/22 12:0 a.m.•57 views

CVE-2022-1134

Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.1AI score0.01613EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/06 12:0 a.m.•57 views

CVE-2022-2318

There are use-after-free vulnerabilities caused by timer handler in net/rose/rosetimer.c of linux that allow attackers to crash linux kernel without any privileges...

5.5CVSS7AI score0.00419EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/02 12:0 a.m.•57 views

CVE-2022-2286

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0...

7.8CVSS1.6AI score0.013EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/07/02 12:0 a.m.•57 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS6.2AI score0.00992EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/06/08 10:0 a.m.•57 views

CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi module...

5.3CVSS6.7AI score0.03398EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/06/01 12:0 a.m.•57 views

CVE-2022-27774

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTPS redirects is used with authentication could leak credentials to other services that exist on different protocols ...

5.7CVSS7AI score0.01595EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/05/17 12:0 a.m.•57 views

CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

7.8CVSS7.2AI score0.00386EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/05/03 12:0 a.m.•57 views

CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5CVSS6.9AI score0.0363EPSS
Exploits5
Debian CVE
Debian CVE
•added 2022/05/02 10:24 p.m.•57 views

CVE-2021-42530

XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file...

9.3CVSS7.8AI score0.036EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/04/25 4:35 p.m.•57 views

CVE-2022-0477

Removed by vendor...

4.9CVSS5.8AI score0.00883EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/26 12:0 a.m.•57 views

CVE-2022-27942

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parsempls in common/get.c...

7.8CVSS7.8AI score0.01096EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/14 10:20 p.m.•57 views

CVE-2021-42391

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

6.5CVSS6.6AI score0.01352EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/14 12:0 a.m.•57 views

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.1CVSS8AI score0.01549EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/10 2:50 p.m.•57 views

CVE-2021-32434

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculatebeam at draw.c...

5.5CVSS5.8AI score0.00966EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/03 12:0 a.m.•57 views

CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isisnbnotifications.c...

7.8CVSS7.9AI score0.01068EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/02 4:5 a.m.•57 views

CVE-2022-0577

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1...

8.8CVSS7.6AI score0.01243EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/02/26 3:14 a.m.•57 views

CVE-2020-36516

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session...

5.9CVSS6.7AI score0.00678EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/02/17 10:15 p.m.•57 views

CVE-2021-3155

snapd 2.54.2 and earlier created /snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1...

5.5CVSS5.2AI score0.00256EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/02/09 10:4 p.m.•57 views

CVE-2021-0171

Removed by vendor...

5.5CVSS5.6AI score0.0024EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/01/14 12:0 a.m.•57 views

CVE-2022-23219

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is no...

9.8CVSS8.6AI score0.04211EPSS
Exploits1
Debian CVE
Debian CVE
•added 2021/11/25 2:51 p.m.•57 views

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

9.8CVSS6.2AI score0.28983EPSS
Exploits1
Debian CVE
Debian CVE
•added 2021/07/20 6:1 p.m.•57 views

CVE-2021-33909

fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05...

7.8CVSS7.2AI score0.09808EPSS
Exploits6
Debian CVE
Debian CVE
•added 2021/06/15 9:40 p.m.•57 views

CVE-2021-30551

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.9AI score0.64701EPSS
Exploits1
Debian CVE
Debian CVE
•added 2021/05/11 7:35 p.m.•57 views

CVE-2020-26145

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets...

6.5CVSS7.6AI score0.03515EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/05/05 2:14 p.m.•57 views

CVE-2020-13665

Removed by vendor...

9.8CVSS9.4AI score0.01275EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/01/20 12:0 a.m.•57 views

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...

4.3CVSS4.6AI score0.02181EPSS
Exploits2
Debian CVE
Debian CVE
•added 2020/06/18 12:0 a.m.•57 views

CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

5.9CVSS6.8AI score0.12826EPSS
Exploits0
Debian CVE
Debian CVE
•added 2020/04/09 8:13 p.m.•57 views

CVE-2020-11668

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlinkcit.c aka the Xirlink camera USB driver mishandles invalid descriptors, aka CID-a246b4d54770...

7.1CVSS6.6AI score0.00487EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/11/18 5:23 a.m.•57 views

CVE-2019-19054

A memory leak in the cx23888irprobe function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering kfifoalloc failures, aka CID-a7b2df76b42b...

4.7CVSS6.7AI score0.00446EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/05/30 3:36 p.m.•57 views

CVE-2018-12126

Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

5.6CVSS6.1AI score0.01497EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/05/15 12:19 p.m.•57 views

CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem...

5.5CVSS6.6AI score0.00645EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/04/24 3:23 p.m.•57 views

CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhausti...

5.5CVSS6.5AI score0.00538EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/04/23 6:16 p.m.•57 views

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.9CVSS6AI score0.37618EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/03/17 6:52 p.m.•57 views

CVE-2019-7222

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak...

5.5CVSS6.6AI score0.00678EPSS
Exploits1
Debian CVE
Debian CVE
•added 2019/01/09 4:0 p.m.•57 views

CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...

7.5CVSS7.5AI score0.04651EPSS
Exploits2
Debian CVE
Debian CVE
•added 2018/12/08 4:0 a.m.•57 views

CVE-2018-19966

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service host OS crash or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorre...

8.8CVSS5.6AI score0.00438EPSS
Exploits0
Total number of security vulnerabilities5000