Lucene search
K
DebiancveMost viewed

59600 matches found

Debian CVE
Debian CVE
•added 2023/06/26 8:40 p.m.•56 views

CVE-2023-3421

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.0122EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/06/22 10:39 p.m.•56 views

CVE-2023-34241

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...

7.1CVSS7.2AI score0.01395EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/05/26 12:0 a.m.•56 views

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

7.5CVSS6.7AI score0.02489EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/03/28 2:30 p.m.•56 views

CVE-2023-0466

The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

5.3CVSS6.3AI score0.01629EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/28 2:30 p.m.•56 views

CVE-2023-0465

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.5AI score0.01583EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/22 4:36 p.m.•56 views

CVE-2023-0464

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

7.5CVSS6.4AI score0.03658EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/01/30 1:9 p.m.•56 views

CVE-2023-0266

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past...

7.9CVSS7.2AI score0.03702EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•56 views

CVE-2022-34476

ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox 102...

9.8CVSS9.4AI score0.007EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•56 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

6.1CVSS7.9AI score0.00575EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/23 12:0 a.m.•56 views

CVE-2021-3997

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp...

5.5CVSS6.4AI score0.01561EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/08/12 7:37 p.m.•56 views

CVE-2022-2623

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions...

8.8CVSS9.6AI score0.00604EPSS
Exploits2
Debian CVE
Debian CVE
•added 2022/08/09 12:0 a.m.•56 views

CVE-2022-29804

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack...

7.5CVSS7AI score0.0187EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/08/01 2:13 p.m.•56 views

CVE-2022-30698

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the...

6.5CVSS6.8AI score0.0085EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/07/15 7:36 p.m.•56 views

CVE-2022-30634

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 32 - 1 bytes...

7.5CVSS7AI score0.01647EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/06/27 12:0 a.m.•56 views

CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

7.3CVSS6.9AI score0.02108EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/06/18 8:51 p.m.•56 views

CVE-2022-33987

The got package before 12.1.0 also fixed in 11.8.5 for Node.js allows a redirect to a UNIX socket...

5.3CVSS6.4AI score0.01855EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/06/08 10:0 a.m.•56 views

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

9.1CVSS8.2AI score0.05729EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/05/12 4:36 p.m.•56 views

CVE-2022-21151

Processor optimization removal or modification of security-critical code for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

5.5CVSS5.7AI score0.00343EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/05/10 12:0 a.m.•56 views

CVE-2022-1629

Buffer Over-read in function findnextquote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution...

7.8CVSS7.8AI score0.01842EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/04/03 12:0 a.m.•56 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...

9.8CVSS9.7AI score0.82438EPSS
Exploits8
Debian CVE
Debian CVE
•added 2022/03/26 12:0 a.m.•56 views

CVE-2022-27941

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in getl2lenprotocol in common/get.c...

7.8CVSS7.8AI score0.01091EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/26 12:0 a.m.•56 views

CVE-2022-27939

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in getlayer4v6 in common/get.c...

5.5CVSS5.8AI score0.01019EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/23 7:46 p.m.•56 views

CVE-2021-4149

A vulnerability was found in btrfsalloctreeb in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service DOS due to a deadlock problem...

5.5CVSS6.2AI score0.004EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/15 2:40 p.m.•56 views

CVE-2022-24756

Removed by vendor...

7.5CVSS7.5AI score0.01906EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/12 9:30 p.m.•56 views

CVE-2022-26966

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device...

5.5CVSS6.2AI score0.00338EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/11 12:0 a.m.•56 views

CVE-2022-0924

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4...

5.5CVSS6.6AI score0.0133EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/03/10 7:20 p.m.•56 views

CVE-2022-23041

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7CVSS6.8AI score0.00351EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/03/03 9:42 p.m.•56 views

CVE-2021-4002

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data...

4.4CVSS6.4AI score0.0052EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/02/24 6:50 p.m.•56 views

CVE-2021-4021

A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS...

7.5CVSS7.8AI score0.01029EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/02/16 4:38 p.m.•56 views

CVE-2022-23803

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious fil...

7.8CVSS7.8AI score0.01539EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/02/09 10:4 p.m.•56 views

CVE-2021-0179

Removed by vendor...

6.5CVSS6.5AI score0.00373EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/01/19 11:23 a.m.•56 views

CVE-2022-21296

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS4.7AI score0.02825EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/12/25 1:4 a.m.•56 views

CVE-2021-45486

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small...

3.5CVSS6.1AI score0.00371EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/10/28 3:22 p.m.•56 views

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...

4.3CVSS6AI score0.01268EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/10/05 8:40 a.m.•56 views

CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

7.5CVSS7.8AI score0.24982EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/08/08 7:28 p.m.•56 views

CVE-2021-38198

arch/x86/kvm/mmu/pagingtmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault...

5.5CVSS6.3AI score0.00469EPSS
Exploits1
Debian CVE
Debian CVE
•added 2021/05/11 12:0 a.m.•56 views

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames which is mandatory as part of 802.11...

3.5CVSS7.6AI score0.03537EPSS
Exploits2
Debian CVE
Debian CVE
•added 2021/04/29 12:55 a.m.•56 views

CVE-2021-25216

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version an...

9.8CVSS8.4AI score0.83406EPSS
Exploits0
Debian CVE
Debian CVE
•added 2021/03/07 3:55 a.m.•56 views

CVE-2021-27363

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsitransport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file...

4.4CVSS6.3AI score0.00711EPSS
Exploits1
Debian CVE
Debian CVE
•added 2020/10/06 1:33 p.m.•56 views

CVE-2020-25641

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue...

5.5CVSS6.1AI score0.0038EPSS
Exploits0
Debian CVE
Debian CVE
•added 2020/09/15 6:51 p.m.•56 views

CVE-2020-14331

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VTRESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the...

7.2CVSS7AI score0.00563EPSS
Exploits1
Debian CVE
Debian CVE
•added 2020/04/09 8:13 p.m.•56 views

CVE-2020-11668

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlinkcit.c aka the Xirlink camera USB driver mishandles invalid descriptors, aka CID-a246b4d54770...

7.1CVSS6.6AI score0.00487EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/12/23 2:40 a.m.•56 views

CVE-2019-11045

Removed by vendor...

5.9CVSS7.4AI score0.08818EPSS
Exploits1
Debian CVE
Debian CVE
•added 2019/12/18 5:33 p.m.•56 views

CVE-2019-8783

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary...

8.8CVSS9AI score0.01968EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/09/10 4:58 p.m.•56 views

CVE-2019-1547

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...

4.7CVSS6.4AI score0.01188EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/04/26 8:26 p.m.•56 views

CVE-2019-3844

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that wil...

7.8CVSS5AI score0.00888EPSS
Exploits2
Debian CVE
Debian CVE
•added 2019/04/10 9:4 p.m.•56 views

CVE-2019-11072

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burlnormalize2Ftoslashfix in burl.c. NOTE:...

9.8CVSS9.9AI score0.73762EPSS
Exploits1
Debian CVE
Debian CVE
•added 2019/02/22 11:0 p.m.•56 views

CVE-2019-9021

Removed by vendor...

9.8CVSS8.7AI score0.10059EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/07/09 8:0 p.m.•56 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

9.8CVSS6.8AI score0.04767EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/02/06 3:0 p.m.•56 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw...

9.8CVSS8.6AI score0.08411EPSS
Exploits2
Total number of security vulnerabilities5000