Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2022/09/15 4:15 p.m.70 views

CVE-2022-38851

Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00034EPSS
CVE
CVE
added 2022/12/30 11:15 p.m.70 views

CVE-2022-42259

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.

5.5CVSS6AI score0.00036EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.70 views

CVE-2022-43593

A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.

5.9CVSS7AI score0.001EPSS
CVE
CVE
added 2023/11/11 1:15 a.m.70 views

CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

7.5CVSS8AI score0.00311EPSS
CVE
CVE
added 2024/05/05 8:15 p.m.70 views

CVE-2024-34509

dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

5.3CVSS6.8AI score0.00113EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.69 views

CVE-2002-0062

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

7.2CVSS6.5AI score0.00203EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.69 views

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

7.2CVSS6.8AI score0.0011EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.69 views

CVE-2005-2555

Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.

4.6CVSS5.3AI score0.00093EPSS
CVE
CVE
added 2006/05/30 7:2 p.m.69 views

CVE-2006-2661

ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.

5CVSS6.1AI score0.10345EPSS
CVE
CVE
added 2007/04/06 1:19 a.m.69 views

CVE-2007-0956

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

10CVSS9.6AI score0.9135EPSS
CVE
CVE
added 2009/06/08 1:0 a.m.69 views

CVE-2009-1961

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice...

4.7CVSS4.4AI score0.00133EPSS
CVE
CVE
added 2011/07/11 8:55 p.m.69 views

CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FT...

6.5CVSS4.6AI score0.00228EPSS
CVE
CVE
added 2019/11/26 3:15 a.m.69 views

CVE-2011-3617

Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.

6.5CVSS6.3AI score0.00277EPSS
CVE
CVE
added 2011/12/08 11:55 a.m.69 views

CVE-2011-4539

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

5CVSS6.2AI score0.32265EPSS
CVE
CVE
added 2014/02/05 7:55 p.m.69 views

CVE-2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

4.6CVSS6AI score0.00072EPSS
CVE
CVE
added 2012/07/25 10:42 a.m.69 views

CVE-2012-3571

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

6.1CVSS6.3AI score0.22137EPSS
Web
CVE
CVE
added 2012/09/07 10:55 p.m.69 views

CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to impr...

4.3CVSS6.3AI score0.09113EPSS
Web
CVE
CVE
added 2013/01/03 1:55 a.m.69 views

CVE-2012-5653

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.

6CVSS7AI score0.0077EPSS
CVE
CVE
added 2013/11/13 3:55 p.m.69 views

CVE-2013-6621

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.

7.5CVSS6.9AI score0.01481EPSS
CVE
CVE
added 2014/04/23 3:55 p.m.69 views

CVE-2014-2709

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

7.5CVSS8.9AI score0.01868EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.69 views

CVE-2014-3168

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

7.5CVSS7AI score0.01558EPSS
CVE
CVE
added 2014/05/16 3:55 p.m.69 views

CVE-2014-3730

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\djangoproject.com."

4.3CVSS6.3AI score0.00988EPSS
CVE
CVE
added 2014/11/25 11:59 p.m.69 views

CVE-2014-9035

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00584EPSS
CVE
CVE
added 2014/11/25 11:59 p.m.69 views

CVE-2014-9036

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.

4.3CVSS5.4AI score0.00584EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.69 views

CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact v...

6.8CVSS7.9AI score0.01778EPSS
CVE
CVE
added 2015/03/31 2:59 p.m.69 views

CVE-2014-9706

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

7.5CVSS7.4AI score0.02765EPSS
CVE
CVE
added 2017/09/19 3:29 p.m.69 views

CVE-2015-1854

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

7.5CVSS7.1AI score0.00432EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.69 views

CVE-2015-3334

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive v...

4.3CVSS5.4AI score0.00637EPSS
CVE
CVE
added 2016/04/12 2:59 p.m.69 views

CVE-2015-8346

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

5.3CVSS5.2AI score0.00467EPSS
CVE
CVE
added 2018/01/29 8:29 p.m.69 views

CVE-2016-10711

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

9.8CVSS9.1AI score0.0177EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.69 views

CVE-2016-1685

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

6.5CVSS6.5AI score0.01451EPSS
CVE
CVE
added 2017/01/06 9:59 p.m.69 views

CVE-2016-2367

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds rea...

5.9CVSS6.1AI score0.01445EPSS
Web
CVE
CVE
added 2016/08/07 4:59 p.m.69 views

CVE-2016-4029

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.

8.6CVSS8.1AI score0.00473EPSS
CVE
CVE
added 2016/06/14 2:59 p.m.69 views

CVE-2016-5338

The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

7.8CVSS7.9AI score0.00097EPSS
CVE
CVE
added 2016/11/17 5:59 a.m.69 views

CVE-2016-9374

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.

5.9CVSS5.8AI score0.01217EPSS
CVE
CVE
added 2017/03/01 3:59 p.m.69 views

CVE-2016-9559

coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.

6.5CVSS6.9AI score0.01033EPSS
CVE
CVE
added 2017/10/18 2:29 a.m.69 views

CVE-2017-15573

In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.

6.1CVSS6.8AI score0.00381EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.69 views

CVE-2017-17852

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.

7.8CVSS7.4AI score0.00123EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.69 views

CVE-2017-17857

The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.

7.8CVSS7.4AI score0.00071EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.69 views

CVE-2017-2899

An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. ...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.69 views

CVE-2017-2903

An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A...

8.8CVSS7.7AI score0.0378EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.69 views

CVE-2017-2904

An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicati...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2017/06/13 6:29 a.m.69 views

CVE-2017-4965

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ managemen...

6.1CVSS5.8AI score0.00825EPSS
CVE
CVE
added 2017/06/13 6:29 a.m.69 views

CVE-2017-4967

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ managemen...

6.1CVSS5.9AI score0.00598EPSS
CVE
CVE
added 2017/03/15 4:59 p.m.69 views

CVE-2017-5522

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

9.8CVSS9.6AI score0.04844EPSS
CVE
CVE
added 2017/03/10 10:59 a.m.69 views

CVE-2017-6802

An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.

7.5CVSS7.4AI score0.00797EPSS
CVE
CVE
added 2019/03/27 8:29 p.m.69 views

CVE-2017-7655

In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.

7.5CVSS7.3AI score0.00654EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.69 views

CVE-2017-7763

Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox &lt...

5.3CVSS6AI score0.00509EPSS
CVE
CVE
added 2018/07/16 8:29 p.m.69 views

CVE-2018-10857

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.

7.5CVSS7.3AI score0.00384EPSS
CVE
CVE
added 2018/09/07 2:29 p.m.69 views

CVE-2018-16657

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present...

9.8CVSS9.1AI score0.00274EPSS
Total number of security vulnerabilities9127