Lucene search

K
DebianDebian Linux

9135 matches found

cve
cve
added 2021/08/24 2:15 p.m.70 views

CVE-2021-38714

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.

9.3CVSS8.8AI score0.00178EPSS
cve
cve
added 2022/02/04 11:15 p.m.70 views

CVE-2021-40403

An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker ca...

6.3CVSS5.7AI score0.00127EPSS
cve
cve
added 2021/10/13 5:15 p.m.70 views

CVE-2021-40732

XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in th...

6.1CVSS6.2AI score0.00147EPSS
cve
cve
added 2022/07/18 12:15 a.m.70 views

CVE-2021-40874

An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authen...

9.8CVSS9.6AI score0.00352EPSS
cve
cve
added 2022/02/04 11:15 p.m.70 views

CVE-2022-23946

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger ...

7.8CVSS7.7AI score0.00644EPSS
cve
cve
added 2022/09/15 4:15 p.m.70 views

CVE-2022-38851

Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00034EPSS
cve
cve
added 2022/12/23 11:3 p.m.70 views

CVE-2022-43593

A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.

5.9CVSS7AI score0.00113EPSS
cve
cve
added 2000/02/04 5:0 a.m.69 views

CVE-1999-0381

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

7.2CVSS7.5AI score0.00145EPSS
cve
cve
added 2003/04/02 5:0 a.m.69 views

CVE-2002-0062

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

7.2CVSS6.5AI score0.00203EPSS
cve
cve
added 2005/03/01 5:0 a.m.69 views

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

7.2CVSS6.8AI score0.0011EPSS
cve
cve
added 2006/08/31 9:4 p.m.69 views

CVE-2006-4482

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

9.3CVSS6.7AI score0.06787EPSS
cve
cve
added 2019/11/26 3:15 a.m.69 views

CVE-2011-3617

Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.

6.5CVSS6.3AI score0.00277EPSS
cve
cve
added 2013/06/05 12:55 a.m.69 views

CVE-2013-2863

Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS7.6AI score0.03175EPSS
cve
cve
added 2013/11/13 3:55 p.m.69 views

CVE-2013-6621

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.

7.5CVSS6.9AI score0.01481EPSS
cve
cve
added 2014/03/27 4:55 p.m.69 views

CVE-2014-2326

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.4AI score0.01268EPSS
cve
cve
added 2014/04/23 3:55 p.m.69 views

CVE-2014-2709

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

7.5CVSS8.9AI score0.01868EPSS
cve
cve
added 2014/08/27 1:55 a.m.69 views

CVE-2014-3168

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

7.5CVSS7AI score0.01558EPSS
cve
cve
added 2014/05/16 3:55 p.m.69 views

CVE-2014-3730

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\djangoproject.com."

4.3CVSS6.3AI score0.00988EPSS
cve
cve
added 2014/11/25 11:59 p.m.69 views

CVE-2014-9035

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00584EPSS
cve
cve
added 2014/11/25 11:59 p.m.69 views

CVE-2014-9036

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.

4.3CVSS5.4AI score0.00584EPSS
cve
cve
added 2014/11/25 11:59 p.m.69 views

CVE-2014-9037

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

6.8CVSS6.5AI score0.02609EPSS
cve
cve
added 2014/12/01 3:59 p.m.69 views

CVE-2014-9087

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

7.5CVSS6.5AI score0.05055EPSS
cve
cve
added 2015/05/20 10:59 a.m.69 views

CVE-2015-1261

android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading pop...

5CVSS6AI score0.01064EPSS
cve
cve
added 2015/07/23 12:59 a.m.69 views

CVE-2015-1286

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context res...

4.3CVSS7.2AI score0.00687EPSS
cve
cve
added 2015/04/19 10:59 a.m.69 views

CVE-2015-3334

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive v...

4.3CVSS5.4AI score0.00637EPSS
cve
cve
added 2016/04/12 2:59 p.m.69 views

CVE-2015-8346

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

5.3CVSS5.2AI score0.00467EPSS
cve
cve
added 2016/12/29 10:59 p.m.69 views

CVE-2016-1922

QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user o...

5.5CVSS6.7AI score0.00082EPSS
cve
cve
added 2016/04/12 3:59 p.m.69 views

CVE-2016-3166

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP he...

5.9CVSS6.1AI score0.00299EPSS
cve
cve
added 2016/06/14 2:59 p.m.69 views

CVE-2016-5338

The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.

7.8CVSS7.9AI score0.00097EPSS
cve
cve
added 2017/03/01 3:59 p.m.69 views

CVE-2016-9559

coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.

6.5CVSS6.9AI score0.01033EPSS
cve
cve
added 2018/02/07 11:29 p.m.69 views

CVE-2017-15395

A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.

6.5CVSS7.1AI score0.01495EPSS
cve
cve
added 2017/10/18 2:29 a.m.69 views

CVE-2017-15573

In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.

6.1CVSS6.8AI score0.00381EPSS
cve
cve
added 2018/04/24 7:29 p.m.69 views

CVE-2017-2903

An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A...

8.8CVSS7.7AI score0.0378EPSS
cve
cve
added 2017/06/13 6:29 a.m.69 views

CVE-2017-4965

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ managemen...

6.1CVSS5.8AI score0.00825EPSS
cve
cve
added 2017/06/13 6:29 a.m.69 views

CVE-2017-4967

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ managemen...

6.1CVSS5.9AI score0.00598EPSS
cve
cve
added 2018/02/07 11:29 p.m.69 views

CVE-2017-5132

Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

8.8CVSS8.3AI score0.01157EPSS
cve
cve
added 2017/03/15 4:59 p.m.69 views

CVE-2017-5522

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

9.8CVSS9.6AI score0.04844EPSS
cve
cve
added 2017/03/10 10:59 a.m.69 views

CVE-2017-6802

An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.

7.5CVSS7.4AI score0.00797EPSS
cve
cve
added 2018/06/11 9:29 p.m.69 views

CVE-2017-7763

Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox &lt...

5.3CVSS6AI score0.00509EPSS
cve
cve
added 2017/05/08 2:29 p.m.69 views

CVE-2017-8846

The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.

5.5CVSS5.8AI score0.00515EPSS
cve
cve
added 2018/07/16 8:29 p.m.69 views

CVE-2018-10857

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.

7.5CVSS7.3AI score0.00384EPSS
cve
cve
added 2018/02/05 4:29 a.m.69 views

CVE-2018-6621

The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

6.5CVSS6.1AI score0.00682EPSS
cve
cve
added 2018/03/24 9:29 p.m.69 views

CVE-2018-8971

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.

9.8CVSS9.1AI score0.00172EPSS
cve
cve
added 2019/05/30 11:29 p.m.69 views

CVE-2019-12483

An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.

7.8CVSS7.7AI score0.00263EPSS
cve
cve
added 2019/09/11 7:15 p.m.69 views

CVE-2019-16235

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.

7.5CVSS7.2AI score0.00304EPSS
cve
cve
added 2020/04/27 3:15 p.m.69 views

CVE-2019-18823

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOB...

9.8CVSS9.4AI score0.02816EPSS
cve
cve
added 2021/08/10 9:15 p.m.69 views

CVE-2020-21676

A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.

5.5CVSS5.6AI score0.0012EPSS
cve
cve
added 2023/08/22 7:16 p.m.69 views

CVE-2020-35357

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or ar...

6.5CVSS6.8AI score0.00201EPSS
cve
cve
added 2020/12/18 8:15 a.m.69 views

CVE-2020-35475

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column...

7.5CVSS7AI score0.00585EPSS
cve
cve
added 2023/01/27 5:15 a.m.69 views

CVE-2020-36659

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093...

8.1CVSS7.5AI score0.00356EPSS
Total number of security vulnerabilities9135