Lucene search

K
DebianDebian Linux

9135 matches found

CVE
CVE
added 2019/07/10 3:15 p.m.66 views

CVE-2019-12467

MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

5.3CVSS5.7AI score0.00336EPSS
CVE
CVE
added 2019/05/30 11:29 p.m.66 views

CVE-2019-12482

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box.

7.5CVSS7.3AI score0.00552EPSS
CVE
CVE
added 2019/06/28 11:15 p.m.66 views

CVE-2019-13031

LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.

8.1CVSS7.9AI score0.00323EPSS
CVE
CVE
added 2019/10/08 1:15 a.m.66 views

CVE-2019-17345

An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.

6.5CVSS6.2AI score0.00076EPSS
CVE
CVE
added 2019/10/08 1:15 a.m.66 views

CVE-2019-17349

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.

5.5CVSS6.8AI score0.00142EPSS
CVE
CVE
added 2019/02/09 3:29 a.m.66 views

CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts direct...

9.8CVSS9.1AI score0.00714EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.66 views

CVE-2020-10941

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

5.9CVSS5.5AI score0.00575EPSS
CVE
CVE
added 2021/08/10 9:15 p.m.66 views

CVE-2020-21675

A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.

5.5CVSS5.9AI score0.00109EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.66 views

CVE-2020-28604

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00408EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.66 views

CVE-2020-28606

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00408EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.66 views

CVE-2020-28609

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00398EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.66 views

CVE-2020-28610

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00408EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.66 views

CVE-2020-28617

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00348EPSS
CVE
CVE
added 2020/12/18 8:15 a.m.66 views

CVE-2020-35477

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there i...

5.3CVSS5.9AI score0.00665EPSS
Web
CVE
CVE
added 2022/09/01 6:15 p.m.66 views

CVE-2020-35531

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2021/03/04 8:15 p.m.66 views

CVE-2020-35628

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.

10CVSS9.2AI score0.00593EPSS
CVE
CVE
added 2021/08/30 6:15 p.m.66 views

CVE-2020-35635

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which ...

10CVSS9.1AI score0.00172EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.66 views

CVE-2021-21847

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer ...

8.8CVSS8.8AI score0.00198EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.66 views

CVE-2021-21855

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00519EPSS
CVE
CVE
added 2021/11/05 6:15 p.m.66 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.

9.8CVSS9.2AI score0.00384EPSS
CVE
CVE
added 2022/08/10 6:15 a.m.66 views

CVE-2022-31778

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.

7.5CVSS7.3AI score0.00113EPSS
CVE
CVE
added 2022/11/01 1:15 p.m.66 views

CVE-2022-42311

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service ...

6.5CVSS7AI score0.00045EPSS
CVE
CVE
added 2022/11/01 1:15 p.m.66 views

CVE-2022-42324

Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most sig...

5.5CVSS6.6AI score0.00021EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.66 views

CVE-2022-43597

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This v...

8.1CVSS9.2AI score0.00367EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.66 views

CVE-2022-43601

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability a...

8.1CVSS9.1AI score0.0034EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.66 views

CVE-2023-24757

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00021EPSS
CVE
CVE
added 2024/06/07 4:15 a.m.66 views

CVE-2024-37384

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

6.1CVSS6.1AI score0.00217EPSS
CVE
CVE
added 2025/02/26 10:15 p.m.66 views

CVE-2024-55581

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).

7.4CVSS7.3AI score0.00042EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.65 views

CVE-1999-0405

A buffer overflow in lsof allows local users to obtain root privilege.

7.2CVSS7.1AI score0.0018EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.65 views

CVE-2003-0358

Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.

4.6CVSS6.4AI score0.00227EPSS
CVE
CVE
added 2005/07/18 4:0 a.m.65 views

CVE-2005-1689

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

9.8CVSS9.7AI score0.55203EPSS
CVE
CVE
added 2005/10/21 1:2 a.m.65 views

CVE-2005-3274

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock i...

4.7CVSS5.5AI score0.00126EPSS
CVE
CVE
added 2007/05/02 5:19 p.m.65 views

CVE-2007-1366

QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

2.1CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2007/10/11 10:17 a.m.65 views

CVE-2007-5365

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum ...

7.2CVSS7.8AI score0.41631EPSS
CVE
CVE
added 2009/03/30 4:30 p.m.65 views

CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows...

7.8CVSS7.4AI score0.00084EPSS
CVE
CVE
added 2010/03/31 6:0 p.m.65 views

CVE-2010-1187

The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer der...

4.9CVSS6.3AI score0.00066EPSS
CVE
CVE
added 2010/12/07 9:0 p.m.65 views

CVE-2010-4492

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.

7.5CVSS9.2AI score0.01918EPSS
CVE
CVE
added 2012/06/02 3:55 p.m.65 views

CVE-2012-2947

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call o...

2.6CVSS6.3AI score0.04301EPSS
CVE
CVE
added 2019/12/02 6:15 p.m.65 views

CVE-2012-4576

FreeBSD: Input Validation Flaw allows local users to gain elevated privileges

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.65 views

CVE-2013-2902

Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML...

7.5CVSS6.9AI score0.00887EPSS
CVE
CVE
added 2017/03/31 4:59 p.m.65 views

CVE-2014-5008

Snoopy allows remote attackers to execute arbitrary commands.

9.8CVSS9.5AI score0.05547EPSS
CVE
CVE
added 2016/06/07 2:6 p.m.65 views

CVE-2014-9746

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote att...

9.8CVSS9.5AI score0.00847EPSS
CVE
CVE
added 2016/04/13 3:59 p.m.65 views

CVE-2015-0861

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

4.3CVSS4.3AI score0.00251EPSS
CVE
CVE
added 2017/09/13 4:29 p.m.65 views

CVE-2015-2749

Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

6.1CVSS6.2AI score0.00521EPSS
CVE
CVE
added 2016/04/14 2:59 p.m.65 views

CVE-2015-5343

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which...

8CVSS7.9AI score0.24978EPSS
CVE
CVE
added 2015/11/19 8:59 p.m.65 views

CVE-2015-7984

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd param...

6.8CVSS6.6AI score0.01484EPSS
Web
CVE
CVE
added 2015/11/02 7:59 p.m.65 views

CVE-2015-8036

Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly han...

6.8CVSS8AI score0.01704EPSS
CVE
CVE
added 2019/02/17 4:29 p.m.65 views

CVE-2016-10742

Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

6.1CVSS6.6AI score0.00421EPSS
CVE
CVE
added 2016/01/22 3:59 p.m.65 views

CVE-2016-1572

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

8.4CVSS8AI score0.00053EPSS
CVE
CVE
added 2017/04/21 8:59 p.m.65 views

CVE-2016-2347

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

7.8CVSS7.7AI score0.00447EPSS
Total number of security vulnerabilities9135