Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2022/04/18 5:15 p.m.67 views

CVE-2020-28620

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.0032EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.67 views

CVE-2020-28631

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00299EPSS
CVE
CVE
added 2020/12/10 8:15 a.m.67 views

CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

4.3CVSS4.3AI score0.01086EPSS
CVE
CVE
added 2021/08/23 2:15 a.m.67 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate s...

7.5CVSS7.3AI score0.00254EPSS
CVE
CVE
added 2023/01/27 5:15 a.m.67 views

CVE-2020-36659

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093...

8.1CVSS7.5AI score0.00366EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.67 views

CVE-2021-21845

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer ...

8.8CVSS8.8AI score0.00303EPSS
CVE
CVE
added 2022/01/04 3:15 p.m.67 views

CVE-2021-3842

nltk is vulnerable to Inefficient Regular Expression Complexity

7.5CVSS7.4AI score0.0033EPSS
CVE
CVE
added 2022/01/10 2:10 p.m.67 views

CVE-2021-43579

A stack-based buffer overflow in image_load_bmp() in HTMLDOC

7.8CVSS7.8AI score0.01315EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.67 views

CVE-2022-41837

An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS9.2AI score0.00135EPSS
CVE
CVE
added 2022/11/01 1:15 p.m.67 views

CVE-2022-42313

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service ...

6.5CVSS7AI score0.00046EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.67 views

CVE-2022-43598

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This v...

8.1CVSS9.2AI score0.00182EPSS
CVE
CVE
added 2023/01/14 1:15 a.m.67 views

CVE-2023-23589

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

6.5CVSS6.2AI score0.00169EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.67 views

CVE-2023-25221

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

7.8CVSS7.3AI score0.00035EPSS
CVE
CVE
added 2024/04/04 9:15 a.m.67 views

CVE-2024-26781

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/...

5.5CVSS6.3AI score0.00011EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.66 views

CVE-2004-0456

Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.

7.6CVSS7.7AI score0.01293EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.66 views

CVE-2004-0522

Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.

10CVSS6.6AI score0.00545EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.66 views

CVE-2004-1052

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

10CVSS7.7AI score0.01472EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.66 views

CVE-2005-0005

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

7.5CVSS7.8AI score0.03499EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.66 views

CVE-2006-1531

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ...

7.5CVSS7.4AI score0.30625EPSS
CVE
CVE
added 2006/08/21 9:4 p.m.66 views

CVE-2006-4093

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."

4.9CVSS7AI score0.00062EPSS
CVE
CVE
added 2006/11/22 1:7 a.m.66 views

CVE-2006-5868

Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.

9.3CVSS6.2AI score0.01166EPSS
CVE
CVE
added 2007/02/16 7:28 p.m.66 views

CVE-2007-0897

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return ...

7.5CVSS7.3AI score0.04977EPSS
CVE
CVE
added 2007/12/18 12:46 a.m.66 views

CVE-2007-6418

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

2.1CVSS6.2AI score0.00057EPSS
CVE
CVE
added 2008/08/08 7:41 p.m.66 views

CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.

2.1CVSS7.3AI score0.00112EPSS
Web
CVE
CVE
added 2008/06/24 7:41 p.m.66 views

CVE-2008-2725

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "...

7.8CVSS7AI score0.04012EPSS
CVE
CVE
added 2008/09/11 1:13 a.m.66 views

CVE-2008-3912

libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.

5CVSS5.9AI score0.02924EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.66 views

CVE-2008-4058

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.

7.5CVSS9.8AI score0.04454EPSS
CVE
CVE
added 2008/09/29 5:17 p.m.66 views

CVE-2008-4302

fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as d...

5.5CVSS5.1AI score0.00147EPSS
CVE
CVE
added 2009/06/08 1:0 a.m.66 views

CVE-2009-1962

Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10...

4.4CVSS6.3AI score0.00091EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.66 views

CVE-2010-4040

Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

7.8CVSS8.6AI score0.00599EPSS
CVE
CVE
added 2011/01/14 5:0 p.m.66 views

CVE-2011-0482

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

4.3CVSS9.2AI score0.0327EPSS
CVE
CVE
added 2011/01/20 7:0 p.m.66 views

CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary ...

6CVSS7.6AI score0.00573EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.66 views

CVE-2011-2359

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8CVSS7AI score0.03596EPSS
CVE
CVE
added 2012/04/22 6:55 p.m.66 views

CVE-2012-0216

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS)...

4.4CVSS5.5AI score0.00052EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.66 views

CVE-2012-1798

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

6.5CVSS6.7AI score0.01412EPSS
CVE
CVE
added 2013/06/05 12:55 a.m.66 views

CVE-2013-2860

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.

7.5CVSS7AI score0.0061EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.66 views

CVE-2013-2870

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.

9.3CVSS7.2AI score0.01324EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.66 views

CVE-2013-2900

The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted direc...

7.5CVSS6AI score0.01726EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.66 views

CVE-2013-2904

Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element s...

7.5CVSS7AI score0.01018EPSS
CVE
CVE
added 2019/11/04 8:15 p.m.66 views

CVE-2013-4251

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

7.8CVSS7.3AI score0.00086EPSS
CVE
CVE
added 2014/08/13 4:57 a.m.66 views

CVE-2014-3165

Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger ...

7.5CVSS7AI score0.01215EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.66 views

CVE-2014-3169

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification ...

7.5CVSS7.1AI score0.03248EPSS
CVE
CVE
added 2015/04/01 2:59 p.m.66 views

CVE-2014-9713

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

4CVSS6AI score0.00142EPSS
CVE
CVE
added 2015/07/23 12:59 a.m.66 views

CVE-2015-1286

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context res...

4.3CVSS7.2AI score0.00687EPSS
CVE
CVE
added 2015/03/31 2:59 p.m.66 views

CVE-2015-2753

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.

6.8CVSS7.8AI score0.01918EPSS
CVE
CVE
added 2015/08/05 10:59 a.m.66 views

CVE-2015-3439

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demons...

4.3CVSS5.7AI score0.01357EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.66 views

CVE-2015-5230

The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.

7.5CVSS7.2AI score0.00177EPSS
CVE
CVE
added 2018/02/21 4:29 p.m.66 views

CVE-2015-5316

The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed ...

5.9CVSS5.5AI score0.02056EPSS
CVE
CVE
added 2016/02/12 5:59 a.m.66 views

CVE-2016-2326

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

8.8CVSS8.8AI score0.01072EPSS
CVE
CVE
added 2016/04/07 11:59 p.m.66 views

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

9.8CVSS9.7AI score0.23058EPSS
Web
Total number of security vulnerabilities9127