Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2019/05/30 11:29 p.m.68 views

CVE-2019-12483

An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.

7.8CVSS7.7AI score0.00263EPSS
CVE
CVE
added 2019/09/11 7:15 p.m.68 views

CVE-2019-16237

Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.

7.5CVSS7.3AI score0.00405EPSS
CVE
CVE
added 2020/04/27 3:15 p.m.68 views

CVE-2019-18823

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOB...

9.8CVSS9.4AI score0.02816EPSS
CVE
CVE
added 2021/06/01 8:15 p.m.68 views

CVE-2020-22041

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc.

6.5CVSS7.4AI score0.00818EPSS
CVE
CVE
added 2021/03/04 8:15 p.m.68 views

CVE-2020-28601

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.

10CVSS9.2AI score0.00607EPSS
CVE
CVE
added 2023/08/22 7:16 p.m.68 views

CVE-2020-35357

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or ar...

6.5CVSS6.8AI score0.00201EPSS
CVE
CVE
added 2021/12/16 5:15 a.m.68 views

CVE-2021-45098

An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. ...

7.5CVSS7.4AI score0.00545EPSS
CVE
CVE
added 2022/08/10 6:15 a.m.68 views

CVE-2022-25763

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.0027EPSS
CVE
CVE
added 2022/09/15 4:15 p.m.68 views

CVE-2022-38850

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c.

5.5CVSS5.4AI score0.00034EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.68 views

CVE-2023-24752

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00022EPSS
CVE
CVE
added 2023/06/14 8:15 a.m.68 views

CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: fr...

7.5CVSS7.3AI score0.0033EPSS
CVE
CVE
added 2007/06/11 10:30 p.m.67 views

CVE-2007-2875

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

2.1CVSS5.5AI score0.00094EPSS
CVE
CVE
added 2008/10/15 8:8 p.m.67 views

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive informat...

4.3CVSS9.3AI score0.3558EPSS
CVE
CVE
added 2008/12/22 3:30 p.m.67 views

CVE-2008-5701

Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the sysc...

4.7CVSS5.7AI score0.0006EPSS
CVE
CVE
added 2019/10/31 4:15 p.m.67 views

CVE-2009-5042

python-docutils allows insecure usage of temporary files

9.1CVSS9.1AI score0.00372EPSS
CVE
CVE
added 2010/07/28 8:0 p.m.67 views

CVE-2010-2901

The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.1AI score0.01549EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.67 views

CVE-2011-0983

Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.01845EPSS
CVE
CVE
added 2019/12/20 2:15 p.m.67 views

CVE-2012-3409

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation

7.8CVSS7.6AI score0.00075EPSS
CVE
CVE
added 2012/11/11 1:0 p.m.67 views

CVE-2012-4564

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

6.8CVSS8.7AI score0.2646EPSS
CVE
CVE
added 2015/01/08 1:59 a.m.67 views

CVE-2012-6684

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.

4.3CVSS7.5AI score0.00441EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.67 views

CVE-2013-2486

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer...

6.1CVSS5.4AI score0.01648EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.67 views

CVE-2013-2905

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.

5CVSS5.3AI score0.00135EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.67 views

CVE-2013-3560

The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.0345EPSS
CVE
CVE
added 2019/11/04 1:15 p.m.67 views

CVE-2013-4412

slim has NULL pointer dereference when using crypt() method from glibc 2.17

7.5CVSS7.5AI score0.00938EPSS
CVE
CVE
added 2014/01/16 12:17 p.m.67 views

CVE-2013-6646

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a w...

7.5CVSS7AI score0.01763EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.67 views

CVE-2014-3162

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

5CVSS6.8AI score0.00436EPSS
CVE
CVE
added 2014/11/25 11:59 p.m.67 views

CVE-2014-9039

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

4.3CVSS6.4AI score0.01704EPSS
CVE
CVE
added 2014/12/03 9:59 p.m.67 views

CVE-2014-9157

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

7.5CVSS7.6AI score0.01899EPSS
CVE
CVE
added 2015/05/20 10:59 a.m.67 views

CVE-2015-1261

android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading pop...

5CVSS6AI score0.01064EPSS
CVE
CVE
added 2015/02/19 3:59 p.m.67 views

CVE-2015-1592

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

7.5CVSS7.5AI score0.81049EPSS
Web
CVE
CVE
added 2015/03/31 2:59 p.m.67 views

CVE-2015-2754

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."

6.8CVSS7.6AI score0.02149EPSS
CVE
CVE
added 2015/04/24 5:59 p.m.67 views

CVE-2015-3417

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...

6.8CVSS8.8AI score0.01017EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.67 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS
CVE
CVE
added 2017/01/06 9:59 p.m.67 views

CVE-2016-2373

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.

5.9CVSS6.2AI score0.01448EPSS
Web
CVE
CVE
added 2016/05/20 2:59 p.m.67 views

CVE-2016-4348

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

7.5CVSS7.1AI score0.03078EPSS
CVE
CVE
added 2016/06/08 3:0 p.m.67 views

CVE-2016-5108

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

9.8CVSS9.6AI score0.29098EPSS
CVE
CVE
added 2017/09/03 8:29 p.m.67 views

CVE-2017-14120

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

7.5CVSS7.5AI score0.00532EPSS
CVE
CVE
added 2017/09/30 1:29 a.m.67 views

CVE-2017-14928

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

5.5CVSS5.4AI score0.00291EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.67 views

CVE-2017-17854

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.

7.8CVSS7.6AI score0.00077EPSS
CVE
CVE
added 2018/03/15 7:29 p.m.67 views

CVE-2017-18236

An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.

5.5CVSS5.7AI score0.00173EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.67 views

CVE-2017-2902

An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2017/03/10 10:59 a.m.67 views

CVE-2017-6800

An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.

7.5CVSS7.4AI score0.00538EPSS
CVE
CVE
added 2018/10/04 8:29 p.m.67 views

CVE-2018-0504

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

6.5CVSS5.5AI score0.02146EPSS
Web
CVE
CVE
added 2018/05/24 1:29 p.m.67 views

CVE-2018-1000036

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.

5.5CVSS5.3AI score0.00308EPSS
CVE
CVE
added 2018/04/10 9:29 p.m.67 views

CVE-2018-3838

An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to...

6.5CVSS6.7AI score0.00447EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.67 views

CVE-2018-7435

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.

8.8CVSS8.5AI score0.0106EPSS
CVE
CVE
added 2019/05/30 11:29 p.m.67 views

CVE-2019-12481

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.

5.5CVSS5.5AI score0.00272EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.67 views

CVE-2019-13220

Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

7.1CVSS6.7AI score0.00141EPSS
CVE
CVE
added 2021/05/27 7:15 p.m.67 views

CVE-2020-22027

A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.

8.8CVSS9.2AI score0.004EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.67 views

CVE-2020-28612

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00299EPSS
Total number of security vulnerabilities9127