Lucene search
K
DebiancveMost viewed

60207 matches found

Debian CVE
Debian CVE
added 2015/09/01 2:0 p.m.45 views

CVE-2015-6729

Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page...

4.3CVSS5.6AI score0.02009EPSS
Exploits0
Debian CVE
Debian CVE
added 2015/01/21 3:0 p.m.45 views

CVE-2014-6591

Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585...

2.6CVSS6.5AI score0.0405EPSS
Exploits0
Debian CVE
Debian CVE
added 2015/01/09 9:0 p.m.45 views

CVE-2014-9529

Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...

6.9CVSS6.8AI score0.00339EPSS
Exploits0
Debian CVE
Debian CVE
added 2014/09/11 6:0 p.m.45 views

CVE-2014-3609

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service crash via a request with crafted "Range headers with unidentifiable byte-range values."...

5CVSS6.1AI score0.5622EPSS
Exploits0
Debian CVE
Debian CVE
added 2014/09/04 5:0 p.m.45 views

CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3CVSS6.6AI score0.05844EPSS
Exploits0
Debian CVE
Debian CVE
added 2014/02/02 12:0 a.m.45 views

CVE-2013-4331

Light Display Manager aka LightDM 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file...

2.1CVSS5.6AI score0.00368EPSS
Exploits0
Debian CVE
Debian CVE
added 2014/01/19 5:0 p.m.45 views

CVE-2013-0244

Removed by vendor...

2.6CVSS7.8AI score0.02144EPSS
Exploits0
Debian CVE
Debian CVE
added 2013/12/07 12:0 a.m.45 views

CVE-2013-6416

Cross-site scripting XSS vulnerability in the simpleformat helper in actionpack/lib/actionview/helpers/texthelper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute...

4.3CVSS5.4AI score0.01963EPSS
Exploits0
Debian CVE
Debian CVE
added 2013/07/08 5:0 p.m.45 views

CVE-2013-1059

net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...

7.8CVSS7AI score0.04546EPSS
Exploits0
Debian CVE
Debian CVE
added 2013/04/22 10:0 a.m.45 views

CVE-2013-3223

The ax25recvmsg function in net/ax25/afax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS5.8AI score0.00375EPSS
Exploits0
Debian CVE
Debian CVE
added 2013/03/12 9:0 p.m.45 views

CVE-2012-6076

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts...

4.4CVSS5.5AI score0.00488EPSS
Exploits0
Debian CVE
Debian CVE
added 2013/02/08 7:0 p.m.45 views

CVE-2013-1619

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS7AI score0.0644EPSS
Exploits1
Debian CVE
Debian CVE
added 2013/01/04 11:0 a.m.45 views

CVE-2012-6090

Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted filename...

7.5CVSS7.2AI score0.0313EPSS
Exploits0
Debian CVE
Debian CVE
added 2012/10/03 10:0 a.m.45 views

CVE-2012-3375

The epollctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLLCTLADD operations, which allows local users to cause a denial of service file-descriptor consumption and system crash via a crafted application that attempts to create a...

4.9CVSS8.2AI score0.0102EPSS
Exploits2
Debian CVE
Debian CVE
added 2012/10/01 12:0 a.m.45 views

CVE-2012-2153

Removed by vendor...

4CVSS6.7AI score0.01881EPSS
Exploits0
Debian CVE
Debian CVE
added 2012/08/10 10:0 a.m.45 views

CVE-2012-3465

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

4.3CVSS5.6AI score0.01977EPSS
Exploits1
Debian CVE
Debian CVE
added 2012/03/13 10:0 a.m.45 views

CVE-2012-1099

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

4.3CVSS5.5AI score0.02504EPSS
Exploits0
Debian CVE
Debian CVE
added 2012/01/06 1:0 a.m.45 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

4.3CVSS8.3AI score0.0123EPSS
Exploits0
Debian CVE
Debian CVE
added 2011/11/08 11:0 a.m.45 views

CVE-2011-4415

The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...

1.2CVSS6.4AI score0.031EPSS
Exploits4
Debian CVE
Debian CVE
added 2011/04/10 1:29 a.m.45 views

CVE-2011-1675

mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMITFSIZE value, a related issue to CVE-2011-1089...

3.3CVSS3.9AI score0.00404EPSS
Exploits0
Debian CVE
Debian CVE
added 2010/12/06 10:0 p.m.45 views

CVE-2008-7270

OpenSSL before 0.9.8j, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a...

4.3CVSS8.2AI score0.03426EPSS
Exploits0
Debian CVE
Debian CVE
added 2010/11/09 8:0 p.m.45 views

CVE-2010-4221

Multiple stack-based buffer overflows in the prnetiotelnetgets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a 1 FTP or 2 FTPS server...

10CVSS9.5AI score0.91303EPSS
Exploits10
Debian CVE
Debian CVE
added 2010/08/05 6:0 p.m.45 views

CVE-2010-2791

modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

5CVSS5.5AI score0.08284EPSS
Exploits1
Debian CVE
Debian CVE
added 2009/06/10 2:0 p.m.45 views

CVE-2009-1690

Removed by vendor...

9.3CVSS6.6AI score0.06618EPSS
Exploits2
Debian CVE
Debian CVE
added 2008/01/25 12:0 a.m.45 views

CVE-2008-0455

Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

4.3CVSS5.5AI score0.6477EPSS
Exploits1
Debian CVE
Debian CVE
added 2007/03/04 10:0 p.m.45 views

CVE-2007-0774

Stack-based buffer overflow in the mapuritoworker function native/common/jkuriworkermap.c in modjk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a...

7.5CVSS7.7AI score0.81513EPSS
Exploits8
Debian CVE
Debian CVE
added 2006/08/30 1:0 a.m.45 views

CVE-2006-4447

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...

7.2CVSS6.4AI score0.00434EPSS
Exploits0
Debian CVE
Debian CVE
added 2005/05/14 4:0 a.m.45 views

CVE-2005-1545

Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow...

5.1CVSS7.6AI score0.02208EPSS
Exploits0
Debian CVE
Debian CVE
added 2004/09/24 4:0 a.m.45 views

CVE-2004-0811

Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration...

7.5CVSS6.3AI score0.06813EPSS
Exploits1
Debian CVE
Debian CVE
added 2004/09/01 4:0 a.m.45 views

CVE-2002-1220

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service termination due to assertion failure via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size...

5CVSS6.2AI score0.096EPSS
Exploits0
Debian CVE
Debian CVE
added 1976/01/01 12:0 a.m.45 views

CVE-2022-3529

Removed by vendor...

7AI score
Exploits0
Debian CVE
Debian CVE
added 2024/10/09 12:0 a.m.44 views

CVE-2023-45359

An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...

6.5CVSS5.3AI score0.00289EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/08/07 3:14 p.m.44 views

CVE-2024-42248

In the Linux kernel, the following vulnerability has been resolved: tty: serial: ma35d1: Add a NULL check for ofnode The pdev-dev.ofnode can be NULL if the "serial" node is absent. Add a NULL check to return an error in such cases...

5.5CVSS4.8AI score0.00211EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/07/09 12:2 p.m.44 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

9CVSS8.4AI score0.14859EPSS
Exploits2
Debian CVE
Debian CVE
added 2024/05/01 5:27 a.m.44 views

CVE-2024-26981

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfssetdetype The size of the nilfstypebymode array in the fs/nilfs2/dir.c file is defined as "SIFMT SSHIFT", but the nilfssetdetype function, which uses this array, specifies the index to read from the array ...

7.8CVSS7.2AI score0.00271EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/04/04 7:19 p.m.44 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS6.9AI score0.03914EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/03/16 4:40 a.m.44 views

CVE-2024-22259

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

8.1CVSS6.1AI score0.02573EPSS
Exploits1
Debian CVE
Debian CVE
added 2024/02/17 1:50 a.m.44 views

CVE-2024-20925

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS4AI score0.00553EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/01/30 9:14 p.m.44 views

CVE-2024-1077

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. Chromium security severity: High...

8.8CVSS9.4AI score0.0093EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/01/21 10:1 a.m.44 views

CVE-2023-6531

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the socket that the SKB is queued on...

7CVSS7.3AI score0.00222EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/01/15 8:2 p.m.44 views

CVE-2024-0565

An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...

7.4CVSS6.7AI score0.01982EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/01/15 7:1 p.m.44 views

CVE-2024-0562

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdiunregister is called to stop further write-back and waits for associated delayed work to complete. However, wbinodewritebackend may schedule bandwidth estimation work after this has completed, which can result in the...

7.8CVSS7.4AI score0.00254EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/01/08 6:16 p.m.44 views

CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code...

7.8CVSS6.8AI score0.00282EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/01/04 1:56 a.m.44 views

CVE-2024-0223

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.10114EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/12/25 12:0 a.m.44 views

CVE-2023-51781

An issue was discovered in the Linux kernel before 6.6.8. atalkioctl in net/appletalk/ddp.c has a use-after-free because of an atalkrecvmsg race condition...

7CVSS7.3AI score0.0031EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/11/21 2:28 p.m.44 views

CVE-2023-6209

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

6.5CVSS8.2AI score0.01406EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/11/10 4:57 p.m.44 views

CVE-2023-4949

An attacker with local access to a system either through a disk or external drive can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation...

8.1CVSS7.1AI score0.00241EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/11/01 5:14 p.m.44 views

CVE-2023-5859

Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. Chromium security severity: Low...

4.3CVSS6.1AI score0.00619EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/10/19 9:18 p.m.44 views

CVE-2023-45818

Removed by vendor...

6.1CVSS6.2AI score0.0062EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/10/10 5:17 p.m.44 views

CVE-2023-42794

Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened ...

5.9CVSS6.7AI score0.01854EPSS
Exploits0
Total number of security vulnerabilities5000