Lucene search
K
DebiancveMost viewed

60039 matches found

Debian CVE
Debian CVE
•added 2019/02/05 12:0 a.m.•50 views

CVE-2019-7397

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c...

7.5CVSS7.4AI score0.03802EPSS
Exploits1
Debian CVE
Debian CVE
•added 2019/01/25 6:0 p.m.•50 views

CVE-2019-3819

A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...

4.9CVSS5.8AI score0.00453EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/01/09 5:0 a.m.•50 views

CVE-2018-20677

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...

6.1CVSS6.6AI score0.03984EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/10/17 1:0 a.m.•50 views

CVE-2018-3183

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Scripting. Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network...

9CVSS6.8AI score0.02815EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/10/07 6:0 p.m.•50 views

CVE-2018-18025

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file...

6.5CVSS7.1AI score0.02541EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/10/04 1:0 p.m.•50 views

CVE-2018-11784

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting to '/foo/' when the user requested '/foo' a specially crafted URL could be used to cause the redirect to be generated to any URI of the...

4.3CVSS6AI score0.94494EPSS
Exploits3
Debian CVE
Debian CVE
•added 2018/07/02 12:0 p.m.•50 views

CVE-2018-13053

The alarmtimernsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktimeaddsafe is not used...

3.3CVSS6.5AI score0.00513EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/06/11 9:0 p.m.•50 views

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

8.8CVSS8.2AI score0.12054EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/05/18 4:0 p.m.•50 views

CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

9.8CVSS10AI score0.074EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/04/11 1:0 p.m.•50 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS8.3AI score0.57632EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/04/06 1:0 p.m.•50 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS8.5AI score0.77245EPSS
Exploits5
Debian CVE
Debian CVE
•added 2017/11/20 3:0 p.m.•50 views

CVE-2017-16544

In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

8.8CVSS6.7AI score0.0624EPSS
Exploits12
Debian CVE
Debian CVE
•added 2017/10/06 1:0 p.m.•50 views

CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

7.5CVSS7.9AI score0.08465EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/10/04 1:0 a.m.•50 views

CVE-2017-1000112

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSGMORE ipappenddata calls ipufoappenddata to append. However in between two send calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In...

7CVSS7.2AI score0.20797EPSS
Exploits19
Debian CVE
Debian CVE
•added 2017/08/07 5:0 p.m.•50 views

CVE-2011-5325

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink...

7.5CVSS6.6AI score0.07176EPSS
Exploits3
Debian CVE
Debian CVE
•added 2017/03/02 12:0 a.m.•50 views

CVE-2016-10228

The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service...

5.9CVSS6.3AI score0.04006EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/11/28 3:1 a.m.•50 views

CVE-2016-9178

The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...

5.5CVSS6.1AI score0.00417EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/10/16 9:0 p.m.•50 views

CVE-2016-7097

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...

4.4CVSS6.7AI score0.00377EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/05/02 10:0 a.m.•50 views

CVE-2016-3689

The imspcuparsecdcdata function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service system crash via a USB device without both a master and a slave interface...

4.9CVSS6AI score0.00586EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/04/25 12:0 a.m.•50 views

CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

6.3CVSS6.9AI score0.02902EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/03/13 6:0 p.m.•50 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services NSS before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate...

8.8CVSS10AI score0.04192EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/02/15 7:0 p.m.•50 views

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...

9.8CVSS9.2AI score0.08625EPSS
Exploits0
Debian CVE
Debian CVE
•added 2015/10/21 9:0 p.m.•50 views

CVE-2015-4806

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...

6.4CVSS6.3AI score0.03926EPSS
Exploits0
Debian CVE
Debian CVE
•added 2015/07/10 3:0 p.m.•50 views

CVE-2015-2967

Cross-site scripting XSS vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.5AI score0.01846EPSS
Exploits0
Debian CVE
Debian CVE
•added 2014/05/02 2:0 p.m.•50 views

CVE-2014-3000

Removed by vendor...

7.8CVSS6.7AI score0.12824EPSS
Exploits0
Debian CVE
Debian CVE
•added 2013/03/19 10:0 p.m.•50 views

CVE-2013-1855

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

4.3CVSS5.5AI score0.0264EPSS
Exploits1
Debian CVE
Debian CVE
•added 2013/02/28 7:0 p.m.•50 views

CVE-2013-1774

The chaseport function in drivers/usb/serial/ioti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service NULL pointer dereference and system crash via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter...

4CVSS6.3AI score0.00388EPSS
Exploits0
Debian CVE
Debian CVE
•added 2011/12/06 11:0 a.m.•50 views

CVE-2011-4130

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer...

9CVSS7.1AI score0.12804EPSS
Exploits4
Debian CVE
Debian CVE
•added 2011/08/25 2:0 p.m.•50 views

CVE-2011-2483

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5CVSS6.6AI score0.04972EPSS
Exploits0
Debian CVE
Debian CVE
•added 2010/12/14 3:0 p.m.•50 views

CVE-2010-4344

Heap-based buffer overflow in the stringvformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging...

9.8CVSS9.1AI score0.71794EPSS
Exploits6
Debian CVE
Debian CVE
•added 2010/11/05 5:0 p.m.•50 views

CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service crash via unknown vectors that trigger an uninitialized pointer...

7.5CVSS7.3AI score0.02757EPSS
Exploits0
Debian CVE
Debian CVE
•added 2010/10/21 6:12 p.m.•50 views

CVE-2010-3170

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL serve...

4.3CVSS8.7AI score0.01096EPSS
Exploits0
Debian CVE
Debian CVE
•added 2010/03/05 7:0 p.m.•50 views

CVE-2010-0425

modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...

10CVSS8.9AI score0.94248EPSS
Exploits13
Debian CVE
Debian CVE
•added 2024/11/07 10:0 a.m.•49 views

CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

6.1CVSS6.4AI score0.00452EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/07/18 9:32 a.m.•49 views

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

5.3CVSS6.3AI score0.04134EPSS
Exploits3
Debian CVE
Debian CVE
•added 2024/07/07 5:22 p.m.•49 views

CVE-2024-3651

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

7.5CVSS6.5AI score0.01386EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/07/01 6:12 p.m.•49 views

CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...

7.5CVSS6.3AI score0.6795EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/05/03 9:55 a.m.•49 views

CVE-2024-34062

tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...

4.8CVSS6.2AI score0.00432EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/29 3:34 a.m.•49 views

CVE-2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS7AI score0.3786EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/16 7:59 p.m.•49 views

CVE-2022-24810

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...

8.8CVSS7.3AI score0.01146EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/03/15 12:0 a.m.•49 views

CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...

5.3CVSS7AI score0.01854EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/02/17 1:50 a.m.•49 views

CVE-2024-20923

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS3.8AI score0.00601EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/02/06 12:0 a.m.•49 views

CVE-2024-22365

linux-pam aka Linux PAM before 1.6.0 allows attackers to cause a denial of service blocked login process via mkfifo because the openat call for protectdir lacks ODIRECTORY...

5.5CVSS5.9AI score0.00455EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/11/23 12:0 a.m.•49 views

CVE-2023-33202

Bouncy Castle for Java before 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafte...

5.5CVSS6.4AI score0.00932EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/11/16 2:8 p.m.•49 views

CVE-2023-4771

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information...

6.1CVSS6.1AI score0.00878EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/11/15 5:19 p.m.•49 views

CVE-2023-6112

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.4AI score0.30339EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/11/07 7:14 p.m.•49 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5CVSS6.7AI score0.01151EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/11/07 12:0 a.m.•49 views

CVE-2023-47360

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length...

7.5CVSS7.5AI score0.00907EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/08/01 3:2 p.m.•49 views

CVE-2023-4058

Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 116...

9.8CVSS10AI score0.00633EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/06/08 8:19 p.m.•49 views

CVE-2023-29405

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...

9.8CVSS7.8AI score0.01728EPSS
Exploits0
Total number of security vulnerabilities5000