Lucene search
K
DebiancveMost viewed

60198 matches found

Debian CVE
Debian CVE
•added 2009/09/30 3:0 p.m.•48 views

CVE-2009-3490

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issu...

6.8CVSS6.4AI score0.03517EPSS
Exploits1
Debian CVE
Debian CVE
•added 2009/06/09 5:0 p.m.•48 views

CVE-2009-0791

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PDF file that trigger...

6.8CVSS8.4AI score0.05544EPSS
Exploits1
Debian CVE
Debian CVE
•added 2009/04/23 5:0 p.m.•48 views

CVE-2009-0146

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service crash via a crafted PDF file, related to 1 JBIG2SymbolDict::setBitmap and 2 JBIG2Stream::readSymbolDictSeg...

4.3CVSS7.3AI score0.02833EPSS
Exploits1
Debian CVE
Debian CVE
•added 2008/07/08 11:0 p.m.•48 views

CVE-2008-1447

The DNS protocol, as implemented in 1 BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; 2 Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...

6.8CVSS6.6AI score0.95182EPSS
Exploits20
Debian CVE
Debian CVE
•added 2008/05/13 5:0 p.m.•48 views

CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys...

7.8CVSS5.7AI score0.70721EPSS
Exploits7
Debian CVE
Debian CVE
•added 2008/04/04 12:0 a.m.•48 views

CVE-2008-1374

Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888...

6.8CVSS7.6AI score0.03873EPSS
Exploits0
Debian CVE
Debian CVE
•added 2007/09/27 8:0 p.m.•48 views

CVE-2007-5135

Off-by-one error in the SSLgetsharedciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738...

6.8CVSS9AI score0.16061EPSS
Exploits0
Debian CVE
Debian CVE
•added 2007/05/14 9:0 p.m.•48 views

CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user...

7.2CVSS7.2AI score0.00783EPSS
Exploits0
Debian CVE
Debian CVE
•added 2004/10/26 4:0 a.m.•48 views

CVE-2004-0889

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888...

10CVSS7.4AI score0.06209EPSS
Exploits0
Debian CVE
Debian CVE
•added 2004/09/28 4:0 a.m.•48 views

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service free of an invalid pointer, a different vulnerability than CVE-2001-0554...

5CVSS6.3AI score0.02599EPSS
Exploits0
Debian CVE
Debian CVE
•added 2003/10/01 4:0 a.m.•48 views

CVE-2003-0545

Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding...

10CVSS9.4AI score0.85449EPSS
Exploits0
Debian CVE
Debian CVE
•added 2003/03/21 5:0 a.m.•48 views

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

7.5CVSS8.6AI score0.0628EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/05/23 6:30 a.m.•47 views

CVE-2024-4835

Removed by vendor...

8.2CVSS5.8AI score0.00802EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/05/01 5:27 a.m.•47 views

CVE-2024-26984

In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address:...

5.5CVSS7.4AI score0.00202EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/29 3:49 a.m.•47 views

CVE-2024-2757

In PHP 8.3. before 8.3.5, function mbencodemimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

7.5CVSS7.4AI score0.01924EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/04/16 9:26 p.m.•47 views

CVE-2024-21062

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS5AI score0.00834EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/04/06 2:53 p.m.•47 views

CVE-2024-3159

Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS9AI score0.01599EPSS
Exploits0
Debian CVE
Debian CVE
•added 2024/02/03 1:35 p.m.•47 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

5.3CVSS5.1AI score0.01102EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/01/25 8:3 p.m.•47 views

CVE-2023-52355

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64 API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB...

7.5CVSS6.1AI score0.01725EPSS
Exploits1
Debian CVE
Debian CVE
•added 2024/01/25 3:54 p.m.•47 views

CVE-2023-40547

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

8.3CVSS7.5AI score0.04852EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/12/12 1:38 a.m.•47 views

CVE-2023-46219

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

5.3CVSS6.7AI score0.01133EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/12/06 4:27 p.m.•47 views

CVE-2023-45285

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...

7.5CVSS7AI score0.01137EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/12/01 7:1 a.m.•47 views

CVE-2023-6033

Removed by vendor...

8.7CVSS6.7AI score0.00557EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/11/29 12:2 p.m.•47 views

CVE-2023-6348

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9AI score0.01007EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/11/27 12:0 a.m.•47 views

CVE-2023-42364

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...

5.5CVSS6.2AI score0.00433EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/11/03 12:0 a.m.•47 views

CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

7.5CVSS7.4AI score0.00705EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/10/15 12:0 a.m.•47 views

CVE-2023-45871

An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU...

7.5CVSS6.7AI score0.00544EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/09/15 7:37 p.m.•47 views

CVE-2023-40167

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...

5.3CVSS6.5AI score0.01069EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/08/29 12:0 a.m.•47 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

6.5CVSS6.5AI score0.00667EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/08/16 12:0 a.m.•47 views

CVE-2023-39975

kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...

8.8CVSS7.3AI score0.01229EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/06/08 8:19 p.m.•47 views

CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...

7.8CVSS6.2AI score0.00432EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/04/21 2:51 p.m.•47 views

CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

5.6CVSS7.6AI score0.01377EPSS
Exploits3
Debian CVE
Debian CVE
•added 2023/04/16 12:0 a.m.•47 views

CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

6.7CVSS6.4AI score0.00526EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/04/06 3:50 p.m.•47 views

CVE-2023-24534

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

7.5CVSS6.4AI score0.01888EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/31 12:0 a.m.•47 views

CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

9.8CVSS9.7AI score0.06341EPSS
Exploits1
Debian CVE
Debian CVE
•added 2023/03/28 12:0 a.m.•47 views

CVE-2022-23125

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate...

9.8CVSS9.7AI score0.04354EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/23 12:0 a.m.•47 views

CVE-2023-0590

A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdiscgraft" not applied yet, then kernel could be affected...

4.7CVSS6.2AI score0.00198EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/03/06 12:0 a.m.•47 views

CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS6.8AI score0.00491EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/02/28 5:19 p.m.•47 views

CVE-2022-41724

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...

7.5CVSS6.7AI score0.01111EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/02/22 7:54 p.m.•47 views

CVE-2023-0941

Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS9.6AI score0.006EPSS
Exploits0
Debian CVE
Debian CVE
•added 2023/02/08 7:4 p.m.•47 views

CVE-2022-4304

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS6.8AI score0.16195EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/30 12:0 a.m.•47 views

CVE-2022-34677

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering...

7.1CVSS6.6AI score0.00286EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/26 12:0 a.m.•47 views

CVE-2021-35065

The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...

7.5CVSS7.2AI score0.01589EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/12/26 12:0 a.m.•47 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3CVSS4.6AI score0.00613EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•47 views

CVE-2022-40962

Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

8.8CVSS9.5AI score0.01342EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•47 views

CVE-2022-22748

Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

6.5CVSS8.1AI score0.00737EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•47 views

CVE-2022-34470

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

9.8CVSS9.8AI score0.01064EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/22 12:0 a.m.•47 views

CVE-2022-34480

Within the lginit function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox 102...

8.8CVSS9.5AI score0.00542EPSS
Exploits0
Debian CVE
Debian CVE
•added 2022/12/12 12:0 a.m.•47 views

CVE-2022-41881

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...

7.5CVSS6.7AI score0.01466EPSS
Exploits1
Debian CVE
Debian CVE
•added 2022/12/06 12:0 a.m.•47 views

CVE-2022-44900

A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...

9.1CVSS9.1AI score0.02242EPSS
Exploits3
Total number of security vulnerabilities5000