Lucene search
K
DebiancveMost viewed

59600 matches found

Debian CVE
Debian CVE
•added 2017/02/16 6:0 p.m.•45 views

CVE-2016-9773

Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556...

5.5CVSS7.5AI score0.01832EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/02/03 3:0 p.m.•45 views

CVE-2016-9642

Removed by vendor...

5.5CVSS7AI score0.0127EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/01/18 9:0 p.m.•45 views

CVE-2016-6896

Directory traversal vulnerability in the wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. dot dot in the plugin parameter to wp-admin/admin-ajax.php, as...

7.1CVSS4.4AI score0.38445EPSS
Exploits6
Debian CVE
Debian CVE
•added 2017/01/04 8:0 p.m.•45 views

CVE-2016-9934

Removed by vendor...

7.5CVSS8.7AI score0.06845EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/12/28 7:42 a.m.•45 views

CVE-2016-9576

The blkrqmapuseriov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a /dev/sg device...

7.8CVSS6.6AI score0.00437EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/12/09 12:0 a.m.•45 views

CVE-2016-8858

The kexinputkexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service memory consumption by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."...

7.8CVSS7.7AI score0.29462EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/11/28 3:1 a.m.•45 views

CVE-2016-8633

drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets...

6.8CVSS7.8AI score0.01765EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/10/25 2:0 p.m.•45 views

CVE-2016-5597

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking...

5.9CVSS7.3AI score0.03937EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/10/16 9:0 p.m.•45 views

CVE-2016-7042

The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack memory corruption and panic by...

6.2CVSS7AI score0.00395EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/10/13 2:0 p.m.•45 views

CVE-2016-5425

Removed by vendor...

7.8CVSS7.4AI score0.03782EPSS
Exploits8
Debian CVE
Debian CVE
•added 2016/09/17 9:0 p.m.•45 views

CVE-2016-7416

Removed by vendor...

7.5CVSS8.7AI score0.06672EPSS
Exploits1
Debian CVE
Debian CVE
•added 2016/09/16 12:0 a.m.•45 views

CVE-2016-2182

The BNbn2dec function in crypto/bn/bnprint.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.4AI score0.44218EPSS
Exploits1
Debian CVE
Debian CVE
•added 2016/09/07 7:0 p.m.•45 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5CVSS7.8AI score0.03903EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/07/03 9:0 p.m.•45 views

CVE-2016-4998

The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted...

7.1CVSS7.5AI score0.01885EPSS
Exploits1
Debian CVE
Debian CVE
•added 2016/05/23 10:0 a.m.•45 views

CVE-2016-4913

The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs...

7.8CVSS7AI score0.00512EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/05/22 1:0 a.m.•45 views

CVE-2016-4342

Removed by vendor...

8.8CVSS8.7AI score0.05345EPSS
Exploits2
Debian CVE
Debian CVE
•added 2016/05/22 1:0 a.m.•45 views

CVE-2015-8876

Removed by vendor...

9.8CVSS8.7AI score0.07705EPSS
Exploits1
Debian CVE
Debian CVE
•added 2016/04/27 5:0 p.m.•45 views

CVE-2016-2384

Double free vulnerability in the sndusbmidicreate function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service panic or possibly have unspecified other impact via vectors involving an invalid USB descriptor...

4.9CVSS7.1AI score0.03723EPSS
Exploits10
Debian CVE
Debian CVE
•added 2016/04/13 4:0 p.m.•45 views

CVE-2016-3159

The fpufxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits...

3.8CVSS3.4AI score0.00399EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/01/19 2:0 a.m.•45 views

CVE-2016-1903

Removed by vendor...

9.1CVSS8.5AI score0.07806EPSS
Exploits1
Debian CVE
Debian CVE
•added 2016/01/14 12:0 a.m.•45 views

CVE-2016-0778

The 1 roamingread and 2 roamingwrite functions in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service heap-based...

8.1CVSS7.3AI score0.2037EPSS
Exploits3
Debian CVE
Debian CVE
•added 2015/12/29 10:0 p.m.•45 views

CVE-2015-5296

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c,...

5.4CVSS6.4AI score0.07263EPSS
Exploits0
Debian CVE
Debian CVE
•added 2015/10/19 10:0 a.m.•45 views

CVE-2015-7833

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux RHEL 7.1 allows physically proximate attackers to cause a denial of service panic via a nonzero bInterfaceNumber value in a USB device descriptor...

4.9CVSS6.1AI score0.00675EPSS
Exploits1
Debian CVE
Debian CVE
•added 2015/09/01 2:0 p.m.•45 views

CVE-2015-6729

Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page...

4.3CVSS5.6AI score0.02009EPSS
Exploits0
Debian CVE
Debian CVE
•added 2015/01/09 9:0 p.m.•45 views

CVE-2014-9529

Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...

6.9CVSS6.8AI score0.00339EPSS
Exploits0
Debian CVE
Debian CVE
•added 2014/09/11 6:0 p.m.•45 views

CVE-2014-3609

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service crash via a request with crafted "Range headers with unidentifiable byte-range values."...

5CVSS6.1AI score0.5622EPSS
Exploits0
Debian CVE
Debian CVE
•added 2014/05/11 9:0 p.m.•45 views

CVE-2014-3145

The BPFSANCNLATTRNEST extension implementation in the skrunfilter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service over-read and system crash via crafted BPF instructions. NOTE:...

4.9CVSS5.8AI score0.00649EPSS
Exploits1
Debian CVE
Debian CVE
•added 2014/01/19 5:0 p.m.•45 views

CVE-2013-0244

Removed by vendor...

2.6CVSS7.8AI score0.02144EPSS
Exploits0
Debian CVE
Debian CVE
•added 2013/12/07 12:0 a.m.•45 views

CVE-2013-6416

Cross-site scripting XSS vulnerability in the simpleformat helper in actionpack/lib/actionview/helpers/texthelper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute...

4.3CVSS5.4AI score0.01963EPSS
Exploits0
Debian CVE
Debian CVE
•added 2013/07/08 5:0 p.m.•45 views

CVE-2013-1059

net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...

7.8CVSS7AI score0.04546EPSS
Exploits0
Debian CVE
Debian CVE
•added 2013/04/22 10:0 a.m.•45 views

CVE-2013-3223

The ax25recvmsg function in net/ax25/afax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS5.8AI score0.00375EPSS
Exploits0
Debian CVE
Debian CVE
•added 2013/03/12 4:0 p.m.•45 views

CVE-2013-1049

Buffer overflow in the RFC1413 ident client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service crash and possibly execute arbitrary code via a crafted response...

10CVSS7.6AI score0.03125EPSS
Exploits0
Debian CVE
Debian CVE
•added 2013/02/08 7:0 p.m.•45 views

CVE-2013-1619

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS7AI score0.0644EPSS
Exploits1
Debian CVE
Debian CVE
•added 2012/12/19 11:0 a.m.•45 views

CVE-2012-3546

Removed by vendor...

4.3CVSS6.6AI score0.11975EPSS
Exploits1
Debian CVE
Debian CVE
•added 2012/10/03 10:0 a.m.•45 views

CVE-2012-3375

The epollctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLLCTLADD operations, which allows local users to cause a denial of service file-descriptor consumption and system crash via a crafted application that attempts to create a...

4.9CVSS8.2AI score0.0102EPSS
Exploits2
Debian CVE
Debian CVE
•added 2011/11/08 11:0 a.m.•45 views

CVE-2011-4415

The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...

1.2CVSS6.4AI score0.031EPSS
Exploits4
Debian CVE
Debian CVE
•added 2010/11/09 8:0 p.m.•45 views

CVE-2010-4221

Multiple stack-based buffer overflows in the prnetiotelnetgets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a 1 FTP or 2 FTPS server...

10CVSS9.5AI score0.91303EPSS
Exploits10
Debian CVE
Debian CVE
•added 2010/08/05 6:0 p.m.•45 views

CVE-2010-2791

modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

5CVSS5.5AI score0.08284EPSS
Exploits1
Debian CVE
Debian CVE
•added 2009/08/20 10:0 p.m.•45 views

CVE-2009-2694

The msnslplinkprocessmsg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin formerly Gaim before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash by sending multiple...

10CVSS7.6AI score0.20295EPSS
Exploits8
Debian CVE
Debian CVE
•added 2009/06/10 2:0 p.m.•45 views

CVE-2009-1690

Removed by vendor...

9.3CVSS6.6AI score0.06618EPSS
Exploits2
Debian CVE
Debian CVE
•added 2008/10/03 5:18 p.m.•45 views

CVE-2008-4409

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service memory consumption and application crash, as demonstrated by use of xmllint on a certain XML document, a different vulnerability th...

5CVSS6.7AI score0.08534EPSS
Exploits2
Debian CVE
Debian CVE
•added 2008/01/25 12:0 a.m.•45 views

CVE-2008-0455

Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

4.3CVSS5.5AI score0.6477EPSS
Exploits1
Debian CVE
Debian CVE
•added 2007/06/26 12:0 a.m.•45 views

CVE-2003-1332

Stack-based buffer overflow in the replynttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201...

7.5CVSS7.9AI score0.04951EPSS
Exploits1
Debian CVE
Debian CVE
•added 2006/08/30 1:0 a.m.•45 views

CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...

7.2CVSS6.4AI score0.00434EPSS
Exploits0
Debian CVE
Debian CVE
•added 2005/05/14 4:0 a.m.•45 views

CVE-2005-1545

Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow...

5.1CVSS7.6AI score0.02208EPSS
Exploits0
Debian CVE
Debian CVE
•added 2005/03/07 5:0 a.m.•45 views

CVE-2005-0397

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by...

7.5CVSS7.3AI score0.04219EPSS
Exploits0
Debian CVE
Debian CVE
•added 2004/10/26 4:0 a.m.•45 views

CVE-2004-0889

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888...

10CVSS7.4AI score0.06209EPSS
Exploits0
Debian CVE
Debian CVE
•added 2003/03/21 5:0 a.m.•45 views

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

7.5CVSS8.6AI score0.0628EPSS
Exploits0
Debian CVE
Debian CVE
•added 1976/01/01 12:0 a.m.•45 views

CVE-2022-3529

Removed by vendor...

7AI score
Exploits0
Debian CVE
Debian CVE
•added 2024/10/09 12:0 a.m.•44 views

CVE-2023-45359

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...

6.5CVSS5.3AI score0.00289EPSS
Exploits0
Total number of security vulnerabilities5000