Lucene search
K
DebiancveMost viewed

60169 matches found

Debian CVE
Debian CVE
•added 2019/04/25 2:41 p.m.•42 views

CVE-2019-3900

An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx. It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stal...

7.7CVSS7AI score0.04425EPSS
Exploits0
Debian CVE
Debian CVE
•added 2019/02/05 12:0 a.m.•42 views

CVE-2019-7395

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c...

7.5CVSS6.1AI score0.03431EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/12/26 8:0 p.m.•42 views

CVE-2018-19871

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption...

6.5CVSS7.8AI score0.01859EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/10/29 1:0 p.m.•42 views

CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.1.1a Affected 1.1.1...

5.9CVSS6.1AI score0.04763EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/10/03 10:0 p.m.•42 views

CVE-2018-17972

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...

5.5CVSS6.7AI score0.0035EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/08/29 1:0 p.m.•42 views

CVE-2018-8004

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server ATS. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users...

6.5CVSS6.7AI score0.06308EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/07/18 1:0 p.m.•42 views

CVE-2018-2952

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

4.3CVSS4.6AI score0.04184EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/07/10 2:0 p.m.•42 views

CVE-2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel ar...

6.5CVSS7.5AI score0.01902EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/07/10 2:0 p.m.•42 views

CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

6.5CVSS6.8AI score0.01848EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/04/23 9:0 p.m.•42 views

CVE-2016-9601

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2decodegrayscaleimage function which is used to decode halftone segments in a JBIG2 image. A document PostScript or PDF with an embedded, specially crafted, jbig2 image could trigge...

5.5CVSS6.7AI score0.01813EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/04/13 4:0 p.m.•42 views

CVE-2017-0366

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration...

5.4CVSS6.8AI score0.01342EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/04/06 1:0 p.m.•42 views

CVE-2018-1271

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...

5.9CVSS7.6AI score0.35681EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/03/30 8:0 a.m.•42 views

CVE-2018-9133

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions coders/tiff.c, which results in a hang tens of minutes with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file...

6.5CVSS7.7AI score0.03277EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/03/07 8:0 a.m.•42 views

CVE-2017-18221

The munlockpagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service NRMLOCK accounting corruption via crafted use of mlockall and munlockall system calls...

5.5CVSS5.9AI score0.00499EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/03/01 8:0 p.m.•42 views

CVE-2017-18211

In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel...

9.8CVSS7.8AI score0.04112EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/03/01 6:0 p.m.•42 views

CVE-2018-7584

Removed by vendor...

9.8CVSS8.7AI score0.87883EPSS
Exploits3
Debian CVE
Debian CVE
•added 2018/02/19 11:0 p.m.•42 views

CVE-2018-7253

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service heap-based buffer over-read or possibly overwrite the heap via a maliciously crafted DSDIFF file...

7.8CVSS7.8AI score0.02923EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/02/14 5:0 p.m.•42 views

CVE-2017-18187

In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the sslparseclientpskidentity function in library/sslsrv.c...

9.8CVSS9.7AI score0.03175EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/01/31 2:0 p.m.•42 views

CVE-2017-15698

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates th...

5.9CVSS6.2AI score0.03594EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/01/09 7:0 p.m.•42 views

CVE-2017-15129

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function getnetnsbyid in net/core/netnamespace.c does not check for the net::count value after it has found a peer network in netnsids idr, which could lead to double free and memory...

4.9CVSS6.9AI score0.00357EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/01/04 1:0 p.m.•42 views

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis...

5.6CVSS7.7AI score0.93838EPSS
Exploits9
Debian CVE
Debian CVE
•added 2017/12/25 9:0 p.m.•42 views

CVE-2017-13870

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote...

8.8CVSS9.3AI score0.024EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/12/20 11:0 p.m.•42 views

CVE-2017-17806

The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AFALG-based hash interface CONFIGCRYPTOUSERAPIHASH and the SHA-3 hash algorithm CONFIGCRYPTOSHA3 to caus...

7.8CVSS6.4AI score0.00561EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/12/18 1:0 a.m.•42 views

CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

9.3CVSS8.2AI score0.02698EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/12/02 6:0 a.m.•42 views

CVE-2017-17095

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service TIFFSetupStrips heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted TIFF file...

8.8CVSS8.3AI score0.10639EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/11/15 8:0 a.m.•42 views

CVE-2017-16829

The bfdelfparsegnuproperties function in elf-properties.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibl...

7.8CVSS6.6AI score0.01792EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/11/04 1:0 a.m.•42 views

CVE-2017-16537

The imonprobe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted USB device...

7.2CVSS7.5AI score0.00397EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/10/24 6:0 p.m.•42 views

CVE-2016-10517

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...

7.4CVSS7.5AI score0.02147EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/10/19 10:0 p.m.•42 views

CVE-2017-15649

net/packet/afpacket.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packetfanout data structures, because of a race condition involving fanoutadd and packetdobind that leads to a use-after-free, a different vulnerabili...

7.8CVSS7AI score0.0097EPSS
Exploits4
Debian CVE
Debian CVE
•added 2017/10/12 8:0 a.m.•42 views

CVE-2017-15281

ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised values."...

8.8CVSS9AI score0.02725EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/10/04 1:0 a.m.•42 views

CVE-2017-1000111

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...

7.8CVSS7.3AI score0.00374EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/10/04 1:0 a.m.•42 views

CVE-2017-1000101

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a...

6.5CVSS7.1AI score0.03875EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/09/25 9:0 p.m.•42 views

CVE-2015-5327

Out-of-bounds memory read in the x509decodetime function in x509certparser.c in Linux kernels 4.3-rc1 and after...

6.5CVSS6.8AI score0.01631EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/31 4:0 p.m.•42 views

CVE-2017-14063

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

7.5CVSS7.5AI score0.03046EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/25 7:0 a.m.•42 views

CVE-2017-13693

The acpidscreateoperands function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kerne...

5.5CVSS6.3AI score0.00439EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/18 12:0 p.m.•42 views

CVE-2017-12937

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read...

8.8CVSS8.8AI score0.02305EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/08 3:0 p.m.•42 views

CVE-2017-10090

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

9.6CVSS8.2AI score0.02555EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/07/27 9:0 p.m.•42 views

CVE-2016-2161

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to modauthdigest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...

7.5CVSS7.5AI score0.20952EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/07/20 12:0 a.m.•42 views

CVE-2017-9765

Integer overflow in the soapget function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service stack-based buffer overflow and application crash via a large XML document, aka Devil'...

8.1CVSS8.6AI score0.21894EPSS
Exploits2
Debian CVE
Debian CVE
•added 2017/07/17 1:0 a.m.•42 views

CVE-2017-11352

In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144...

6.5CVSS7.3AI score0.01843EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/06/20 1:0 a.m.•42 views

CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...

7.5CVSS8AI score0.57472EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/05/24 3:0 p.m.•42 views

CVE-2017-9225

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...

9.8CVSS7.8AI score0.0308EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/05/19 2:0 p.m.•42 views

CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...

8.8CVSS5.7AI score0.05142EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/05/10 4:0 p.m.•42 views

CVE-2017-8890

The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept system call...

7.8CVSS7.2AI score0.01372EPSS
Exploits5
Debian CVE
Debian CVE
•added 2017/04/24 7:0 p.m.•42 views

CVE-2017-3526

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with...

7.1CVSS6AI score0.03311EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/04/04 4:54 a.m.•42 views

CVE-2016-10229

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSGPEEK flag...

10CVSS8AI score0.12791EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/03/29 8:0 p.m.•42 views

CVE-2017-7308

The packetsetring function in net/packet/afpacket.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service integer signedness error and out-of-bounds write, or gain privileges if the CAPNETRAW capability is held...

7.8CVSS6.7AI score0.17827EPSS
Exploits17
Debian CVE
Debian CVE
•added 2017/03/03 4:0 p.m.•42 views

CVE-2016-7409

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUGTRACE, allows local users to read process memory via the -v argument, related to a failed remote ident...

5.5CVSS5.6AI score0.00452EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/03/01 8:0 p.m.•42 views

CVE-2017-6353

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service invalid unlock and double free via a multithreaded application. NOTE: this vulnerability exists because...

5.5CVSS6.5AI score0.00374EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/02/14 6:30 a.m.•42 views

CVE-2017-5967

The time subsystem in the Linux kernel through 4.9.9, when CONFIGTIMERSTATS is enabled, allows local users to discover real PID values as distinguished from PID values inside a PID namespace by reading the /proc/timerlist file, related to the printtimer function in kernel/time/timerlist.c and the...

4CVSS5.5AI score0.00334EPSS
Exploits0
Total number of security vulnerabilities5000