Lucene search

K
DebianDebian Linux

9135 matches found

cve
cve
added 2023/10/09 5:15 a.m.71 views

CVE-2023-45364

An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp,...

5.3CVSS5.3AI score0.00072EPSS
cve
cve
added 2023/11/11 1:15 a.m.71 views

CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

7.5CVSS8AI score0.00311EPSS
cve
cve
added 2024/04/04 9:15 a.m.71 views

CVE-2024-26781

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/...

5.5CVSS6.3AI score0.00011EPSS
cve
cve
added 2000/10/13 4:0 a.m.70 views

CVE-2000-0511

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.

5CVSS7AI score0.00763EPSS
cve
cve
added 2004/09/28 4:0 a.m.70 views

CVE-2004-0643

Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

4.6CVSS9.3AI score0.00132EPSS
cve
cve
added 2005/08/04 4:0 a.m.70 views

CVE-2005-2456

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->s...

5.5CVSS6.8AI score0.00116EPSS
cve
cve
added 2007/06/11 10:30 p.m.70 views

CVE-2007-2875

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

2.1CVSS5.5AI score0.00094EPSS
cve
cve
added 2011/07/11 8:55 p.m.70 views

CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FT...

6.5CVSS4.6AI score0.00228EPSS
cve
cve
added 2019/11/14 3:15 a.m.70 views

CVE-2011-1930

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

10CVSS9.5AI score0.28991EPSS
Web
cve
cve
added 2014/02/05 7:55 p.m.70 views

CVE-2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

4.6CVSS6AI score0.00067EPSS
cve
cve
added 2012/09/07 10:55 p.m.70 views

CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to impr...

4.3CVSS6.3AI score0.09113EPSS
cve
cve
added 2019/11/27 7:15 p.m.70 views

CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified

6.5CVSS6.5AI score0.00179EPSS
cve
cve
added 2013/06/05 12:55 a.m.70 views

CVE-2013-2862

Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.00622EPSS
cve
cve
added 2013/07/31 1:20 p.m.70 views

CVE-2013-2884

Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object.

7.5CVSS7AI score0.00887EPSS
cve
cve
added 2014/01/16 12:17 p.m.70 views

CVE-2013-6645

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or p...

6.8CVSS7AI score0.01406EPSS
cve
cve
added 2015/02/08 11:59 a.m.70 views

CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact v...

6.8CVSS7.9AI score0.01778EPSS
cve
cve
added 2015/03/31 2:59 p.m.70 views

CVE-2014-9706

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

7.5CVSS7.4AI score0.02765EPSS
cve
cve
added 2016/05/13 4:59 p.m.70 views

CVE-2014-9763

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.

7.5CVSS7AI score0.01896EPSS
cve
cve
added 2015/05/01 10:59 a.m.70 views

CVE-2015-1250

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.01097EPSS
cve
cve
added 2016/04/13 5:59 p.m.70 views

CVE-2015-3146

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

7.5CVSS7AI score0.02391EPSS
cve
cve
added 2015/07/22 1:59 a.m.70 views

CVE-2015-4652

epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions...

4.3CVSS5.2AI score0.00421EPSS
cve
cve
added 2018/01/29 8:29 p.m.70 views

CVE-2016-10711

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

9.8CVSS9.1AI score0.0177EPSS
cve
cve
added 2016/01/12 8:59 p.m.70 views

CVE-2016-1232

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.

7.5CVSS7AI score0.00708EPSS
cve
cve
added 2016/04/18 10:59 a.m.70 views

CVE-2016-1659

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

10CVSS9.2AI score0.02365EPSS
cve
cve
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS
cve
cve
added 2016/06/05 11:59 p.m.70 views

CVE-2016-1702

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

6.5CVSS6.7AI score0.0142EPSS
cve
cve
added 2017/01/06 9:59 p.m.70 views

CVE-2016-2367

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds rea...

5.9CVSS6.1AI score0.0191EPSS
cve
cve
added 2016/08/07 4:59 p.m.70 views

CVE-2016-4029

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.

8.6CVSS8.1AI score0.00473EPSS
cve
cve
added 2016/09/02 2:59 p.m.70 views

CVE-2016-5107

The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.

6CVSS6.8AI score0.00071EPSS
cve
cve
added 2016/11/17 5:59 a.m.70 views

CVE-2016-9374

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.

5.9CVSS5.8AI score0.01217EPSS
cve
cve
added 2018/03/21 8:29 p.m.70 views

CVE-2017-0915

Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.

9.8CVSS8.8AI score0.014EPSS
cve
cve
added 2018/04/24 7:29 p.m.70 views

CVE-2017-12105

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context o...

8.8CVSS7.7AI score0.01231EPSS
cve
cve
added 2017/09/26 1:29 a.m.70 views

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.

5.5CVSS5.2AI score0.00052EPSS
cve
cve
added 2017/10/18 2:29 a.m.70 views

CVE-2017-15568

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.

6.1CVSS6.7AI score0.00517EPSS
cve
cve
added 2018/02/03 3:29 p.m.70 views

CVE-2017-18123

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

9.3CVSS8.3AI score0.00354EPSS
Web
cve
cve
added 2018/04/24 7:29 p.m.70 views

CVE-2017-2899

An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. ...

8.8CVSS7.7AI score0.01064EPSS
cve
cve
added 2017/06/21 3:29 p.m.70 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world...

7.8CVSS7.4AI score0.00105EPSS
cve
cve
added 2018/07/16 8:29 p.m.70 views

CVE-2018-12584

The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.

9.8CVSS9.7AI score0.36775EPSS
cve
cve
added 2018/09/07 2:29 p.m.70 views

CVE-2018-16657

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present...

9.8CVSS9.1AI score0.00274EPSS
cve
cve
added 2018/12/18 10:29 p.m.70 views

CVE-2018-19790

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the _failure_path input field of login forms, an attacker can work around the redirection target restrictio...

6.1CVSS6.2AI score0.00474EPSS
cve
cve
added 2020/07/27 11:15 p.m.70 views

CVE-2020-12460

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte over...

9.8CVSS9.6AI score0.14593EPSS
cve
cve
added 2020/10/07 6:15 p.m.70 views

CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

7.8CVSS7.5AI score0.00043EPSS
cve
cve
added 2022/04/18 5:15 p.m.70 views

CVE-2020-28618

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00341EPSS
cve
cve
added 2021/03/04 8:15 p.m.70 views

CVE-2020-28636

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.

10CVSS9.2AI score0.00792EPSS
cve
cve
added 2020/12/15 6:15 p.m.70 views

CVE-2020-29486

An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstor...

6CVSS6.7AI score0.00061EPSS
cve
cve
added 2020/12/18 8:15 a.m.70 views

CVE-2020-35479

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.

6.1CVSS6.3AI score0.01035EPSS
cve
cve
added 2022/09/01 6:15 p.m.70 views

CVE-2020-35530

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

5.5CVSS5.4AI score0.00022EPSS
cve
cve
added 2021/09/08 4:15 p.m.70 views

CVE-2021-21897

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

8.8CVSS8.7AI score0.01931EPSS
cve
cve
added 2021/11/24 1:15 a.m.70 views

CVE-2021-28708

PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assig...

8.8CVSS8.5AI score0.00087EPSS
cve
cve
added 2021/08/23 1:15 p.m.70 views

CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS9AI score0.01759EPSS
Total number of security vulnerabilities9135