Lucene search

K
DebianDebian Linux

9135 matches found

CVE
CVE
added 2023/06/14 8:15 a.m.68 views

CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: fr...

7.5CVSS7.3AI score0.0033EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.67 views

CVE-2004-0836

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

10CVSS7.5AI score0.02726EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.67 views

CVE-2005-0005

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

7.5CVSS7.8AI score0.03499EPSS
CVE
CVE
added 2006/08/21 9:4 p.m.67 views

CVE-2006-4093

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."

4.9CVSS7AI score0.00062EPSS
CVE
CVE
added 2006/11/22 1:7 a.m.67 views

CVE-2006-5868

Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.

9.3CVSS6.2AI score0.01166EPSS
CVE
CVE
added 2007/02/16 7:28 p.m.67 views

CVE-2007-0897

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return ...

7.5CVSS7.3AI score0.04977EPSS
CVE
CVE
added 2007/09/18 9:17 p.m.67 views

CVE-2007-2834

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of me...

9.3CVSS7.7AI score0.12957EPSS
CVE
CVE
added 2008/06/24 7:41 p.m.67 views

CVE-2008-2725

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "...

7.8CVSS7AI score
CVE
CVE
added 2008/10/15 8:8 p.m.67 views

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive informat...

4.3CVSS9.3AI score0.3558EPSS
Web
CVE
CVE
added 2008/12/22 3:30 p.m.67 views

CVE-2008-5701

Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the sysc...

4.7CVSS5.7AI score0.0006EPSS
CVE
CVE
added 2009/06/08 1:0 a.m.67 views

CVE-2009-1962

Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10...

4.4CVSS6.3AI score0.00091EPSS
CVE
CVE
added 2010/07/28 8:0 p.m.67 views

CVE-2010-2901

The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.1AI score0.01549EPSS
CVE
CVE
added 2011/01/20 7:0 p.m.67 views

CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary ...

6CVSS7.6AI score0.00573EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.67 views

CVE-2011-0983

Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.01845EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.67 views

CVE-2011-2359

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8CVSS7AI score0.03596EPSS
CVE
CVE
added 2012/11/11 1:0 p.m.67 views

CVE-2012-4564

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

6.8CVSS8.7AI score0.2646EPSS
CVE
CVE
added 2015/01/08 1:59 a.m.67 views

CVE-2012-6684

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.

4.3CVSS7.5AI score0.00441EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.67 views

CVE-2013-2905

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.

5CVSS5.3AI score0.00135EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.67 views

CVE-2013-3560

The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.0345EPSS
CVE
CVE
added 2019/11/04 1:15 p.m.67 views

CVE-2013-4412

slim has NULL pointer dereference when using crypt() method from glibc 2.17

7.5CVSS7.5AI score0.00938EPSS
CVE
CVE
added 2014/01/16 12:17 p.m.67 views

CVE-2013-6646

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a w...

7.5CVSS7AI score0.01763EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.67 views

CVE-2014-3162

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

5CVSS6.8AI score0.00436EPSS
CVE
CVE
added 2014/11/25 11:59 p.m.67 views

CVE-2014-9039

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

4.3CVSS6.4AI score0.01704EPSS
CVE
CVE
added 2015/04/01 2:59 p.m.67 views

CVE-2014-9713

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

4CVSS6AI score0.00142EPSS
CVE
CVE
added 2015/04/24 5:59 p.m.67 views

CVE-2015-3417

Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...

6.8CVSS8.8AI score0.01017EPSS
CVE
CVE
added 2015/08/05 10:59 a.m.67 views

CVE-2015-3439

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demons...

4.3CVSS5.7AI score0.01357EPSS
CVE
CVE
added 2018/02/21 4:29 p.m.67 views

CVE-2015-5316

The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed ...

5.9CVSS5.5AI score0.02056EPSS
CVE
CVE
added 2017/01/06 9:59 p.m.67 views

CVE-2016-2373

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.

5.9CVSS6.2AI score0.01915EPSS
CVE
CVE
added 2016/04/07 11:59 p.m.67 views

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

9.8CVSS9.7AI score0.23058EPSS
CVE
CVE
added 2016/04/25 10:59 a.m.67 views

CVE-2016-4085

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.

5.9CVSS6.6AI score0.00652EPSS
CVE
CVE
added 2016/05/20 2:59 p.m.67 views

CVE-2016-4348

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

7.5CVSS7.1AI score0.03078EPSS
CVE
CVE
added 2016/09/09 10:59 a.m.67 views

CVE-2016-7176

epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.

5.9CVSS5.5AI score0.00506EPSS
CVE
CVE
added 2017/09/03 8:29 p.m.67 views

CVE-2017-14120

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

7.5CVSS7.5AI score0.00532EPSS
CVE
CVE
added 2017/09/18 12:29 a.m.67 views

CVE-2017-14528

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, a...

6.5CVSS6.2AI score0.00776EPSS
CVE
CVE
added 2017/09/30 1:29 a.m.67 views

CVE-2017-14926

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

5.5CVSS5.4AI score0.00291EPSS
CVE
CVE
added 2018/01/10 9:29 a.m.67 views

CVE-2017-18026

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config...

8.8CVSS8.9AI score0.00787EPSS
CVE
CVE
added 2018/03/15 7:29 p.m.67 views

CVE-2017-18236

An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.

5.5CVSS5.7AI score0.01138EPSS
CVE
CVE
added 2018/04/09 8:29 p.m.67 views

CVE-2017-2826

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests fro...

4.3CVSS3.9AI score0.00262EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.67 views

CVE-2017-2902

An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2017/04/12 11:59 p.m.67 views

CVE-2017-7746

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.

7.5CVSS7.4AI score0.02045EPSS
CVE
CVE
added 2018/04/10 9:29 p.m.67 views

CVE-2018-3838

An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to...

6.5CVSS6.7AI score0.00447EPSS
CVE
CVE
added 2019/01/09 7:29 p.m.67 views

CVE-2018-6084

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.

7.8CVSS7.8AI score0.0013EPSS
Web
CVE
CVE
added 2018/02/23 9:29 p.m.67 views

CVE-2018-7435

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.

8.8CVSS8.5AI score0.01006EPSS
CVE
CVE
added 2019/05/30 11:29 p.m.67 views

CVE-2019-12481

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box.

5.5CVSS5.5AI score0.00272EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.67 views

CVE-2019-13220

Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

7.1CVSS6.7AI score0.00141EPSS
CVE
CVE
added 2019/09/17 12:15 p.m.67 views

CVE-2019-16378

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.

9.8CVSS9.2AI score0.00509EPSS
CVE
CVE
added 2020/05/20 2:15 p.m.67 views

CVE-2020-13230

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).

4.3CVSS5.1AI score0.00799EPSS
CVE
CVE
added 2021/05/27 7:15 p.m.67 views

CVE-2020-22027

A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.

8.8CVSS9.2AI score0.004EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.67 views

CVE-2020-28612

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00318EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.67 views

CVE-2020-28620

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00341EPSS
Total number of security vulnerabilities9135