Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2018/01/19 8:29 a.m.69 views

CVE-2018-5786

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

5.5CVSS5.8AI score0.00301EPSS
CVE
CVE
added 2018/02/05 4:29 a.m.69 views

CVE-2018-6621

The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

6.5CVSS6.1AI score0.00682EPSS
CVE
CVE
added 2018/03/24 9:29 p.m.69 views

CVE-2018-8971

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.

9.8CVSS9.1AI score0.00172EPSS
CVE
CVE
added 2019/09/11 7:15 p.m.69 views

CVE-2019-16235

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.

7.5CVSS7.2AI score0.00167EPSS
CVE
CVE
added 2019/10/31 2:15 p.m.69 views

CVE-2019-18422

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled wit...

8.8CVSS9.3AI score0.03766EPSS
CVE
CVE
added 2020/07/27 11:15 p.m.69 views

CVE-2020-12460

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte over...

9.8CVSS9.6AI score0.24331EPSS
CVE
CVE
added 2021/08/10 9:15 p.m.69 views

CVE-2020-21676

A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

5.5CVSS5.6AI score0.0012EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.69 views

CVE-2020-28618

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.0032EPSS
CVE
CVE
added 2020/12/18 8:15 a.m.69 views

CVE-2020-35475

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column...

7.5CVSS7AI score0.00585EPSS
CVE
CVE
added 2021/11/24 1:15 a.m.69 views

CVE-2021-28708

PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assig...

8.8CVSS8.5AI score0.00087EPSS
CVE
CVE
added 2021/08/24 2:15 p.m.69 views

CVE-2021-38714

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

9.3CVSS8.8AI score0.00178EPSS
CVE
CVE
added 2022/02/04 11:15 p.m.69 views

CVE-2021-40403

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker ca...

6.3CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2022/04/15 2:15 p.m.69 views

CVE-2022-28041

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

6.5CVSS6.4AI score0.0081EPSS
CVE
CVE
added 2022/09/15 3:15 p.m.69 views

CVE-2022-38863

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00044EPSS
CVE
CVE
added 2024/11/10 10:15 p.m.69 views

CVE-2024-46955

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.

5.5CVSS6.4AI score0.00061EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.68 views

CVE-1999-0381

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

7.2CVSS7.5AI score0.00145EPSS
CVE
CVE
added 2004/09/28 4:0 a.m.68 views

CVE-2004-0643

Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

4.6CVSS9.3AI score0.00132EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.68 views

CVE-2005-2456

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->s...

5.5CVSS6.8AI score0.00116EPSS
Web
CVE
CVE
added 2005/08/23 4:0 a.m.68 views

CVE-2005-2459

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE...

5CVSS5.9AI score0.12945EPSS
CVE
CVE
added 2005/09/26 7:3 p.m.68 views

CVE-2005-3055

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.

2.1CVSS4.9AI score0.0009EPSS
CVE
CVE
added 2006/03/15 7:6 p.m.68 views

CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) J...

7.6CVSS6.6AI score0.07223EPSS
CVE
CVE
added 2007/10/30 10:46 p.m.68 views

CVE-2007-5729

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007...

7.2CVSS7.2AI score0.00145EPSS
CVE
CVE
added 2013/06/05 12:55 a.m.68 views

CVE-2013-2863

Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS7.6AI score0.03175EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.68 views

CVE-2013-2867

Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.

7.5CVSS6.2AI score0.00656EPSS
CVE
CVE
added 2013/10/02 10:35 a.m.68 views

CVE-2013-2919

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.02329EPSS
CVE
CVE
added 2013/06/09 9:55 p.m.68 views

CVE-2013-4078

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5CVSS6.3AI score0.01429EPSS
CVE
CVE
added 2019/12/31 7:15 p.m.68 views

CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

7.5CVSS7.2AI score0.01161EPSS
CVE
CVE
added 2014/03/27 4:55 p.m.68 views

CVE-2014-2326

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.4AI score0.01268EPSS
Web
CVE
CVE
added 2014/11/25 11:59 p.m.68 views

CVE-2014-9037

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

6.8CVSS6.5AI score0.02609EPSS
CVE
CVE
added 2014/12/01 3:59 p.m.68 views

CVE-2014-9087

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

7.5CVSS6.5AI score0.05055EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.68 views

CVE-2015-1246

Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.0303EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.68 views

CVE-2015-1249

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.01732EPSS
CVE
CVE
added 2015/05/01 10:59 a.m.68 views

CVE-2015-1250

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.01097EPSS
CVE
CVE
added 2015/04/14 6:59 p.m.68 views

CVE-2015-2788

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns.

10CVSS7AI score0.07802EPSS
CVE
CVE
added 2015/07/22 1:59 a.m.68 views

CVE-2015-4652

epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions...

4.3CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2015/09/28 8:59 p.m.68 views

CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

6.8CVSS6.9AI score0.26156EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.68 views

CVE-2016-1652

Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...

6.1CVSS6.2AI score0.00513EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.68 views

CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

8.8CVSS9.2AI score0.03027EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.68 views

CVE-2016-1702

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

6.5CVSS6.7AI score0.0142EPSS
CVE
CVE
added 2016/12/29 10:59 p.m.68 views

CVE-2016-1922

QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user o...

5.5CVSS6.7AI score0.00082EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.68 views

CVE-2016-2191

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

6.5CVSS6.2AI score0.02401EPSS
CVE
CVE
added 2018/07/30 2:29 p.m.68 views

CVE-2016-9597

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

7.5CVSS7AI score0.01327EPSS
CVE
CVE
added 2017/11/17 5:29 a.m.68 views

CVE-2017-1000229

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

7.8CVSS7.5AI score0.00473EPSS
CVE
CVE
added 2018/02/07 11:29 p.m.68 views

CVE-2017-15395

A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.

6.5CVSS7.1AI score0.01495EPSS
CVE
CVE
added 2018/02/07 11:29 p.m.68 views

CVE-2017-5132

Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

8.8CVSS8.3AI score0.01157EPSS
CVE
CVE
added 2017/05/08 2:29 p.m.68 views

CVE-2017-8846

The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.

5.5CVSS5.8AI score0.00515EPSS
CVE
CVE
added 2018/07/20 1:29 p.m.68 views

CVE-2018-14447

trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.

8.8CVSS8.4AI score0.00469EPSS
CVE
CVE
added 2018/03/06 6:29 p.m.68 views

CVE-2018-7728

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.

5.5CVSS5.5AI score0.00303EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.68 views

CVE-2018-7872

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

6.5CVSS7AI score0.00664EPSS
CVE
CVE
added 2019/07/18 5:15 p.m.68 views

CVE-2019-1010065

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack ...

6.5CVSS6.4AI score0.01178EPSS
Total number of security vulnerabilities9127