
60198 matches found

Debian CVE
•added 2018/06/05 1:0 p.m.•40 views

CVE-2018-1000200

The Linux Kernel versions 4.14, 4.15, and 4.16 have a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap, which calls munlock_vma_pages_all for mlocked vmas. This can happen...

CVSS 5.5 • AI score 6.6 • EPSS 0.00493
Exploits: 0
Debian CVE
•added 2018/05/18 7:0 p.m.•40 views

CVE-2018-11251

In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file...

CVSS 6.5 • AI score 7.1 • EPSS 0.0215
Exploits: 1
Debian CVE
•added 2018/05/10 7:0 p.m.•40 views

CVE-2018-1115

Removed by vendor...

CVSS 9.1 • AI score 6.8 • EPSS 0.04042
Exploits: 0
Debian CVE
•added 2018/04/29 9:0 p.m.•40 views

CVE-2018-10549

Removed by vendor...

CVSS 8.8 • AI score 8.7 • EPSS 0.0725
Exploits: 0
Debian CVE
•added 2018/04/06 1:0 p.m.•40 views

CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a...

CVSS 7.5 • AI score 7.3 • EPSS 0.02831
Exploits: 0
Debian CVE
•added 2018/03/27 3:0 a.m.•40 views

CVE-2017-18250

An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file...

CVSS 6.5 • AI score 6.2 • EPSS 0.01377
Exploits: 0
Debian CVE
•added 2018/03/14 6:0 p.m.•40 views

CVE-2018-1000122

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage...

CVSS 9.1 • AI score 9.7 • EPSS 0.09393
Exploits: 0
Debian CVE
•added 2018/03/14 6:0 p.m.•40 views

CVE-2018-1000120

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse...

CVSS 9.8 • AI score 9.7 • EPSS 0.12058
Exploits: 0
Debian CVE
•added 2018/03/12 9:0 p.m.•40 views

CVE-2016-9953

The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard...

CVSS 9.8 • AI score 10 • EPSS 0.01831
Exploits: 0
Debian CVE
•added 2018/03/06 8:0 p.m.•40 views

CVE-2018-7170

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an...

CVSS 5.3 • AI score 7.3 • EPSS 0.02759
Exploits: 0
Debian CVE
•added 2018/03/01 10:0 p.m.•40 views

CVE-2017-6927

Removed by vendor...

CVSS 6.1 • AI score 7.2 • EPSS 0.01705
Exploits: 0
Debian CVE
•added 2018/03/01 7:0 p.m.•40 views

CVE-2017-9268

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption)...

CVSS 6.5 • AI score 5.5 • EPSS 0.00612
Exploits: 0
Debian CVE
•added 2018/02/16 9:0 p.m.•40 views

CVE-2018-1049

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to...

CVSS 5.9 • AI score 5.7 • EPSS 0.0726
Exploits: 0
Debian CVE
•added 2018/02/13 7:0 p.m.•40 views

CVE-2018-6952

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6...

CVSS 7.5 • AI score 6.2 • EPSS 0.08411
Exploits: 0
Debian CVE
•added 2018/01/31 10:0 p.m.•40 views

CVE-2017-16913

The "stub_recv_cmd_submit" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet...

CVSS 7.1 • AI score 6.6 • EPSS 0.0397
Exploits: 0
Debian CVE
•added 2018/01/29 5:0 a.m.•40 views

CVE-2017-18078

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks...

CVSS 7.8 • AI score 5.9 • EPSS 0.01085
Exploits: 3
Debian CVE
•added 2018/01/26 7:0 p.m.•40 views

CVE-2018-5750

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call...

CVSS 5.5 • AI score 6.5 • EPSS 0.00499
Exploits: 0
Debian CVE
•added 2018/01/18 2:0 a.m.•40 views

CVE-2018-2690

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVSS 8.6 • AI score 8.9 • EPSS 0.00531
Exploits: 0
Debian CVE
•added 2018/01/05 7:0 p.m.•40 views

CVE-2018-5247

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c...

CVSS 6.5 • AI score 6.7 • EPSS 0.02083
Exploits: 1
Debian CVE
•added 2017/12/24 4:0 a.m.•40 views

CVE-2017-17885

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file...

CVSS 6.5 • AI score 6.9 • EPSS 0.01385
Exploits: 0
Debian CVE
•added 2017/12/20 11:0 p.m.•40 views

CVE-2017-17807

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search...

CVSS 3.3 • AI score 6 • EPSS 0.0042
Exploits: 0
Debian CVE
•added 2017/12/11 2:0 a.m.•40 views

CVE-2017-17499

ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp...

CVSS 9.8 • AI score 6.5 • EPSS 0.03306
Exploits: 0
Debian CVE
•added 2017/12/07 7:0 p.m.•40 views

CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...

CVSS 7.5 • AI score 7.9 • EPSS 0.04252
Exploits: 0
Debian CVE
•added 2017/11/23 9:0 p.m.•40 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

CVSS 9.8 • AI score 8.6 • EPSS 0.04278
Exploits: 0
Debian CVE
•added 2017/11/18 6:0 p.m.•40 views

CVE-2017-16882

Removed by vendor...

CVSS 7.8 • AI score 7.8 • EPSS 0.00311
Exploits: 0
Debian CVE
•added 2017/11/15 9:0 p.m.•40 views

CVE-2017-15102

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users who are physically proximate for inserting a crafted USB device to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer...

CVSS 6.9 • AI score 6.9 • EPSS 0.00391
Exploits: 0
Debian CVE
•added 2017/11/05 10:0 p.m.•40 views

CVE-2017-16546

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a...

CVSS 8.8 • AI score 6.9 • EPSS 0.02201
Exploits: 0
Debian CVE
•added 2017/11/04 1:0 a.m.•40 views

CVE-2017-16538

drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timin...

CVSS 7.2 • AI score 7.5 • EPSS 0.00397
Exploits: 0
Debian CVE
•added 2017/10/30 7:0 p.m.•40 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

CVSS 9.8 • AI score 8.9 • EPSS 0.0218
Exploits: 0
Debian CVE
•added 2017/10/26 12:0 a.m.•40 views

CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...

CVSS 5.3 • AI score 6.6 • EPSS 0.03359
Exploits: 0
Debian CVE
•added 2017/10/19 5:0 p.m.•40 views

CVE-2017-10357

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVSS 5.3 • AI score 5.8 • EPSS 0.03305
Exploits: 0
Debian CVE
•added 2017/10/19 5:0 p.m.•40 views

CVE-2017-10285

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 9.6 • AI score 7.6 • EPSS 0.03143
Exploits: 0
Debian CVE
•added 2017/09/25 4:0 p.m.•40 views

CVE-2017-14729

The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have...

CVSS 7.8 • AI score 8.1 • EPSS 0.02264
Exploits: 0
Debian CVE
•added 2017/09/19 1:0 p.m.•40 views

CVE-2017-12616

Removed by vendor...

CVSS 7.5 • AI score 6.9 • EPSS 0.708
Exploits: 4
Debian CVE
•added 2017/09/17 7:0 p.m.•40 views

CVE-2017-14505

DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input...

CVSS 6.5 • AI score 7.3 • EPSS 0.01485
Exploits: 0
Debian CVE
•added 2017/09/07 6:0 a.m.•40 views

CVE-2017-14174

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over...

CVSS 7.1 • AI score 6.3 • EPSS 0.02249
Exploits: 1
Debian CVE
•added 2017/08/23 6:0 a.m.•40 views

CVE-2017-13142

In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files...

CVSS 6.5 • AI score 7.4 • EPSS 0.01811
Exploits: 0
Debian CVE
•added 2017/08/23 6:0 a.m.•40 views

CVE-2017-13146

In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c...

CVSS 8.8 • AI score 6 • EPSS 0.01268
Exploits: 0
Debian CVE
•added 2017/08/22 6:0 a.m.•40 views

CVE-2017-13061

In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file...

CVSS 6.5 • AI score 6.9 • EPSS 0.01524
Exploits: 0
Debian CVE
•added 2017/08/19 6:0 p.m.•40 views

CVE-2017-10662

The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors...

CVSS 7.8 • AI score 5.5 • EPSS 0.00465
Exploits: 0
Debian CVE
•added 2017/08/08 3:0 p.m.•40 views

CVE-2017-10096

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 9.6 • AI score 8.3 • EPSS 0.02555
Exploits: 0
Debian CVE
•added 2017/08/08 3:0 p.m.•40 views

CVE-2017-10109

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker...

CVSS 5.3 • AI score 5.9 • EPSS 0.03114
Exploits: 0
Debian CVE
•added 2017/08/08 3:0 p.m.•40 views

CVE-2017-10115

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with networ...

CVSS 7.5 • AI score 7 • EPSS 0.02737
Exploits: 0
Debian CVE
•added 2017/08/07 9:0 p.m.•40 views

CVE-2017-12665

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c...

CVSS 8.8 • AI score 6.8 • EPSS 0.01457
Exploits: 0
Debian CVE
•added 2017/08/07 8:0 p.m.•40 views

CVE-2015-7691

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750...

CVSS 7.5 • AI score 7.8 • EPSS 0.07103
Exploits: 0
Debian CVE
•added 2017/08/07 8:0 p.m.•40 views

CVE-2015-7692

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750...

CVSS 7.5 • AI score 7.8 • EPSS 0.07336
Exploits: 0
Debian CVE
•added 2017/07/26 7:0 p.m.•40 views

CVE-2017-9727

The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document...

CVSS 7.8 • AI score 8.3 • EPSS 0.02529
Exploits: 1
Debian CVE
•added 2017/07/26 8:0 a.m.•40 views

CVE-2017-11613

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the...

CVSS 6.5 • AI score 7.4 • EPSS 0.02748
Exploits: 0
Debian CVE
•added 2017/07/23 3:0 a.m.•40 views

CVE-2017-11526

The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file...

CVSS 7.1 • AI score 7 • EPSS 0.02915
Exploits: 0
Debian CVE
•added 2017/07/02 3:0 a.m.•40 views

CVE-2017-10790

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack...

CVSS 7.5 • AI score 7.5 • EPSS 0.0499
Exploits: 1

Total number of security vulnerabilities: 5000