Lucene search

K
DebianDebian Linux

9135 matches found

CVE
CVE
added 2024/11/10 10:15 p.m.69 views

CVE-2024-46955

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.

5.5CVSS6.4AI score0.00059EPSS
CVE
CVE
added 2005/08/23 4:0 a.m.68 views

CVE-2005-2459

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE...

5CVSS5.9AI score0.12945EPSS
CVE
CVE
added 2006/03/15 7:6 p.m.68 views

CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) J...

7.6CVSS6.6AI score0.07223EPSS
CVE
CVE
added 2006/08/31 9:4 p.m.68 views

CVE-2006-4482

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

9.3CVSS6.7AI score0.06787EPSS
CVE
CVE
added 2007/10/30 10:46 p.m.68 views

CVE-2007-5729

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007...

7.2CVSS7.2AI score0.00145EPSS
CVE
CVE
added 2008/08/08 7:41 p.m.68 views

CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

2.1CVSS7.3AI score0.00112EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.68 views

CVE-2008-4058

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.

7.5CVSS9.8AI score0.02428EPSS
CVE
CVE
added 2019/10/31 4:15 p.m.68 views

CVE-2009-5042

python-docutils allows insecure usage of temporary files

9.1CVSS9.1AI score0.00372EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.68 views

CVE-2012-1798

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

6.5CVSS6.7AI score0.01412EPSS
CVE
CVE
added 2019/12/20 2:15 p.m.68 views

CVE-2012-3409

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation

7.8CVSS7.6AI score0.00075EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.68 views

CVE-2013-2486

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer...

6.1CVSS5.4AI score0.01648EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.68 views

CVE-2013-2867

Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.

7.5CVSS6.2AI score0.00656EPSS
CVE
CVE
added 2013/10/02 10:35 a.m.68 views

CVE-2013-2919

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.02329EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.68 views

CVE-2013-3559

epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed...

5CVSS6.6AI score0.05039EPSS
CVE
CVE
added 2013/06/09 9:55 p.m.68 views

CVE-2013-4078

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5CVSS6.3AI score0.01429EPSS
CVE
CVE
added 2019/12/31 7:15 p.m.68 views

CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

7.5CVSS7.2AI score0.01161EPSS
CVE
CVE
added 2014/12/03 9:59 p.m.68 views

CVE-2014-9157

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

7.5CVSS7.6AI score0.01899EPSS
CVE
CVE
added 2015/05/20 10:59 a.m.68 views

CVE-2015-1261

android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading pop...

5CVSS6AI score0.01064EPSS
CVE
CVE
added 2015/07/23 12:59 a.m.68 views

CVE-2015-1286

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context res...

4.3CVSS7.2AI score0.00687EPSS
CVE
CVE
added 2015/02/19 3:59 p.m.68 views

CVE-2015-1592

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

7.5CVSS7.5AI score0.81049EPSS
Web
CVE
CVE
added 2015/03/31 2:59 p.m.68 views

CVE-2015-2754

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."

6.8CVSS7.6AI score0.02149EPSS
CVE
CVE
added 2015/04/14 6:59 p.m.68 views

CVE-2015-2788

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns.

10CVSS7AI score0.07802EPSS
CVE
CVE
added 2015/09/28 8:59 p.m.68 views

CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

6.8CVSS6.9AI score0.26156EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.68 views

CVE-2016-1652

Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...

6.1CVSS6.2AI score0.00513EPSS
CVE
CVE
added 2016/04/18 10:59 a.m.68 views

CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

8.8CVSS9.2AI score0.03027EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.68 views

CVE-2016-2191

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

6.5CVSS6.2AI score0.02401EPSS
CVE
CVE
added 2016/06/08 3:0 p.m.68 views

CVE-2016-5108

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

9.8CVSS9.6AI score0.29098EPSS
CVE
CVE
added 2017/11/17 5:29 a.m.68 views

CVE-2017-1000229

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

7.8CVSS7.5AI score0.00473EPSS
CVE
CVE
added 2017/09/30 1:29 a.m.68 views

CVE-2017-14928

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

5.5CVSS5.4AI score0.00291EPSS
CVE
CVE
added 2018/02/07 11:29 p.m.68 views

CVE-2017-15395

A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.

6.5CVSS7.1AI score0.01495EPSS
CVE
CVE
added 2018/02/07 11:29 p.m.68 views

CVE-2017-5132

Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

8.8CVSS8.3AI score0.01157EPSS
CVE
CVE
added 2017/02/24 4:59 a.m.68 views

CVE-2017-6299

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."

5.5CVSS6AI score0.00213EPSS
CVE
CVE
added 2017/03/10 10:59 a.m.68 views

CVE-2017-6800

An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.

7.5CVSS7.4AI score0.00538EPSS
CVE
CVE
added 2018/10/04 8:29 p.m.68 views

CVE-2018-0504

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

6.5CVSS5.5AI score0.02146EPSS
Web
CVE
CVE
added 2018/05/24 1:29 p.m.68 views

CVE-2018-1000036

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

5.5CVSS5.3AI score0.00308EPSS
CVE
CVE
added 2018/07/20 1:29 p.m.68 views

CVE-2018-14447

trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.

8.8CVSS8.4AI score0.00472EPSS
CVE
CVE
added 2018/03/06 6:29 p.m.68 views

CVE-2018-7728

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.

5.5CVSS5.5AI score0.00303EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.68 views

CVE-2018-7872

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

6.5CVSS7AI score0.00664EPSS
CVE
CVE
added 2019/07/18 5:15 p.m.68 views

CVE-2019-1010065

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack ...

6.5CVSS6.4AI score0.01178EPSS
CVE
CVE
added 2019/09/11 7:15 p.m.68 views

CVE-2019-16237

Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.

7.5CVSS7.3AI score0.00405EPSS
CVE
CVE
added 2021/06/01 8:15 p.m.68 views

CVE-2020-22041

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.

6.5CVSS7.4AI score0.00818EPSS
CVE
CVE
added 2021/03/04 8:15 p.m.68 views

CVE-2020-28601

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.

10CVSS9.2AI score0.00607EPSS
CVE
CVE
added 2021/08/23 2:15 a.m.68 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate s...

7.5CVSS7.3AI score0.00254EPSS
CVE
CVE
added 2021/11/09 5:15 p.m.68 views

CVE-2021-43173

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP co...

7.5CVSS7.4AI score0.00719EPSS
CVE
CVE
added 2022/01/10 2:10 p.m.68 views

CVE-2021-43579

A stack-based buffer overflow in image_load_bmp() in HTMLDOC

7.8CVSS7.8AI score0.05893EPSS
CVE
CVE
added 2022/09/15 4:15 p.m.68 views

CVE-2022-38850

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c.

5.5CVSS5.4AI score0.00034EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.68 views

CVE-2022-41837

An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS9.2AI score0.00154EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.68 views

CVE-2022-43598

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This v...

8.1CVSS9.2AI score0.00221EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.68 views

CVE-2023-24752

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00028EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.68 views

CVE-2023-25221

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

7.8CVSS7.3AI score0.00031EPSS
Total number of security vulnerabilities9135