Lucene search
K
DebiancveMost viewed

60161 matches found

Debian CVE
Debian CVE
•added 2018/02/26 8:0 p.m.•41 views

CVE-2018-7492

A NULL pointer dereference was found in the net/rds/rdma.c rdsrdmamap function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDSGETMR and RDSGETMRFORDEST...

5.5CVSS6.5AI score0.00676EPSS
Exploits1
Debian CVE
Debian CVE
•added 2018/01/24 10:0 p.m.•41 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

9.8CVSS7.7AI score0.08031EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/01/18 2:0 a.m.•41 views

CVE-2018-2634

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JGSS. Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

6.8CVSS6AI score0.04532EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/01/18 2:0 a.m.•41 views

CVE-2018-2599

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker...

5.8CVSS5.2AI score0.04162EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/01/02 3:0 p.m.•41 views

CVE-2017-1000445

ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service...

6.5CVSS6.9AI score0.0228EPSS
Exploits0
Debian CVE
Debian CVE
•added 2018/01/01 8:0 a.m.•41 views

CVE-2017-18008

In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c...

6.5CVSS7.4AI score0.02554EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/12/24 4:0 a.m.•41 views

CVE-2017-17886

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file...

6.5CVSS6.2AI score0.01081EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/12/18 8:0 a.m.•41 views

CVE-2017-17741

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a writemmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h...

6.5CVSS7AI score0.00451EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/12/14 4:0 p.m.•41 views

CVE-2017-17530

common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: this is disputed by a third party because no untrusted input can ...

8.8CVSS8.7AI score0.01495EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/11/29 6:0 p.m.•41 views

CVE-2017-8817

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a string that ends with an '' character...

9.8CVSS10AI score0.11175EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/11/24 10:0 a.m.•41 views

CVE-2017-16939

The XFRM dump policy implementation in net/xfrm/xfrmuser.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service use-after-free via a crafted SORCVBUF setsockopt system call in conjunction with XFRMMSGGETPOLICY Netlink messages...

7.8CVSS6.9AI score0.0215EPSS
Exploits3
Debian CVE
Debian CVE
•added 2017/11/22 6:0 p.m.•41 views

CVE-2017-12193

The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service NULL pointer dereference and panic via a crafted application, as demonstrated by the keyring key type, and key...

5.5CVSS6.3AI score0.00455EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/11/07 11:0 p.m.•41 views

CVE-2017-16645

The imspcugetcdcuniondesc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service imspcuparsecdcdata out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device...

7.2CVSS7.4AI score0.00404EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/10/29 8:0 p.m.•41 views

CVE-2017-16228

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

9.8CVSS9AI score0.03394EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/10/27 7:0 p.m.•41 views

CVE-2017-13089

The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...

9.3CVSS1AI score0.79855EPSS
Exploits3
Debian CVE
Debian CVE
•added 2017/10/26 2:0 p.m.•41 views

CVE-2017-15908

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dnspacketreadtypewindow function of the 'systemd-resolved' service and cause a DoS of the affected service...

7.5CVSS7.5AI score0.23633EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/10/04 7:0 a.m.•41 views

CVE-2017-15016

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c...

8.8CVSS8.6AI score0.01687EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/09/26 4:0 p.m.•41 views

CVE-2017-14745

The getsyntheticsymtab functions in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service integer overflow and application crash or possib...

7.8CVSS7.8AI score0.01201EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/09/07 6:0 a.m.•41 views

CVE-2017-14173

In the function ReadTXTImage in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRangedepth+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a...

6.5CVSS6.7AI score0.01939EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/08/23 6:0 a.m.•41 views

CVE-2017-13141

In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c...

6.5CVSS7.3AI score0.01241EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/22 6:0 a.m.•41 views

CVE-2017-13058

In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file...

6.5CVSS6.9AI score0.01524EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/22 6:0 a.m.•41 views

CVE-2017-13060

In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file...

6.5CVSS6.9AI score0.01189EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/07 9:0 p.m.•41 views

CVE-2017-12664

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c...

8.8CVSS6.5AI score0.01457EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/08/02 5:0 a.m.•41 views

CVE-2017-12140

The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file...

7.1CVSS8AI score0.02231EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/07/23 3:0 a.m.•41 views

CVE-2017-11535

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage function in coders/ps.c...

6.5CVSS7.4AI score0.01663EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/07/20 12:0 a.m.•41 views

CVE-2017-9765

Integer overflow in the soapget function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service stack-based buffer overflow and application crash via a large XML document, aka Devil'...

8.1CVSS8.6AI score0.21894EPSS
Exploits2
Debian CVE
Debian CVE
•added 2017/07/06 4:0 p.m.•41 views

CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

9.8CVSS9.6AI score0.0657EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/06/19 4:0 p.m.•41 views

CVE-2017-1000365

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMITSTACK/RLIMINFINITY 1/4 of the size, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel version...

7.8CVSS6.4AI score0.00899EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/05/25 5:0 p.m.•41 views

CVE-2016-5007

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space...

7.5CVSS7.6AI score0.02837EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/05/22 10:0 p.m.•41 views

CVE-2017-9150

The docheck function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allowptrleaks value available for restricting the output of the printbpfinsn function, which allows local users to obtain sensitive address information via crafted bpf system calls...

5.5CVSS6.2AI score0.01261EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/05/19 2:0 p.m.•41 views

CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled...

8.8CVSS5.7AI score0.05142EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/04/24 7:0 p.m.•41 views

CVE-2017-3533

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.7AI score0.0258EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/03/27 3:0 p.m.•41 views

CVE-2016-9922

The cirrusdocopy function in hw/display/cirrusvga.c in QEMU aka Quick Emulator, when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service divide-by-zero error and QEMU process crash via vectors involving blit pitch values...

5.5CVSS7AI score0.00413EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/03/24 7:0 p.m.•41 views

CVE-2016-10266

LibTIFF 4.0.7 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a crafted TIFF image, related to libtiff/tifread.c:351:22...

5.5CVSS6.7AI score0.01702EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/03/23 5:0 p.m.•41 views

CVE-2016-10050

Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service application crash or have other unspecified impact via a crafted RLE file...

7.8CVSS6.2AI score0.02018EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/03/13 6:14 a.m.•41 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.8CVSS7AI score0.07501EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/03/03 11:0 a.m.•41 views

CVE-2015-2877

Kernel Samepage Merging KSM in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection CAIN attack. NOTE: the vendor states "Basically ...

3.3CVSS6.8AI score0.00942EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/03/01 3:0 p.m.•41 views

CVE-2016-10095

Stack-based buffer overflow in the TIFFVGetField function in tifdir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service crash via a crafted TIFF file...

5.5CVSS7.3AI score0.02705EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/02/22 4:0 p.m.•41 views

CVE-2016-9377

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service guest crash by leveraging IDT entry miscalculation...

5.5CVSS3.8AI score0.0039EPSS
Exploits0
Debian CVE
Debian CVE
•added 2017/02/15 7:0 p.m.•41 views

CVE-2016-8866

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862...

8.8CVSS6.4AI score0.04613EPSS
Exploits1
Debian CVE
Debian CVE
•added 2017/02/06 5:0 p.m.•41 views

CVE-2017-5595

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...

5.5CVSS3AI score0.00434EPSS
Exploits2
Debian CVE
Debian CVE
•added 2017/01/15 2:0 a.m.•41 views

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

5.3CVSS6.8AI score0.87299EPSS
Exploits7
Debian CVE
Debian CVE
•added 2017/01/05 2:0 a.m.•41 views

CVE-2016-7169

Directory traversal vulnerability in the FileUploadUpgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter...

6.5CVSS5AI score0.03237EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/12/10 12:0 a.m.•41 views

CVE-2016-7170

The vmsvgafiforun function in hw/display/vmwarevga.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash via vectors related to cursor.mask and cursor.image array sizes when processing a DEFINECURSOR svga command...

4.4CVSS6.3AI score0.00402EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/11/16 4:49 a.m.•41 views

CVE-2016-7915

The hidinputfield function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service out-of-bounds read by connecting a device, as demonstrated by a Logitech DJ receiver...

5.5CVSS6.4AI score0.01737EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/11/08 8:37 p.m.•41 views

CVE-2016-7382

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys for Windows or nvidia.ko for Linux handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an...

7.8CVSS7.9AI score0.00413EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/11/04 9:0 p.m.•41 views

CVE-2016-8667

The rc4030write function in hw/dma/rc4030.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service divide-by-zero error and QEMU process crash via a large interval timer reload value...

6CVSS6AI score0.0039EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/10/30 10:0 p.m.•41 views

CVE-2016-9117

NULL Pointer Access in function imagetopnm of convert.cjp2:1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file...

6.5CVSS7.4AI score0.02216EPSS
Exploits1
Debian CVE
Debian CVE
•added 2016/10/25 2:0 p.m.•41 views

CVE-2016-5573

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582...

8.3CVSS8.2AI score0.03255EPSS
Exploits0
Debian CVE
Debian CVE
•added 2016/10/25 2:0 p.m.•41 views

CVE-2016-5582

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573...

9.6CVSS8.7AI score0.05437EPSS
Exploits0
Total number of security vulnerabilities5000