Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2017/01/06 9:59 p.m.65 views

CVE-2016-4323

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image trigge...

5.8CVSS5.5AI score0.03481EPSS
CVE
CVE
added 2016/05/06 5:59 p.m.65 views

CVE-2016-4422

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

10CVSS9.4AI score0.00524EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.65 views

CVE-2017-0364

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

6.1CVSS6.3AI score0.0022EPSS
CVE
CVE
added 2017/10/18 2:29 a.m.65 views

CVE-2017-15577

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.

7.5CVSS7.8AI score0.00537EPSS
CVE
CVE
added 2017/10/27 4:29 p.m.65 views

CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.

7.8CVSS7.7AI score0.00451EPSS
CVE
CVE
added 2018/01/04 5:29 p.m.65 views

CVE-2017-1665

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

5.9CVSS6.2AI score0.00142EPSS
CVE
CVE
added 2017/12/06 12:29 a.m.65 views

CVE-2017-17432

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

7.8CVSS7.3AI score0.01235EPSS
CVE
CVE
added 2017/12/13 10:29 p.m.65 views

CVE-2017-17669

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

5.5CVSS6.1AI score0.00167EPSS
CVE
CVE
added 2017/03/17 9:59 a.m.65 views

CVE-2017-6960

An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.

7.5CVSS7.4AI score0.00358EPSS
CVE
CVE
added 2017/05/23 9:29 p.m.65 views

CVE-2017-8312

Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.

5.5CVSS5.8AI score0.00338EPSS
CVE
CVE
added 2017/11/15 8:29 a.m.65 views

CVE-2017-8811

The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.

6.1CVSS7.4AI score0.00293EPSS
CVE
CVE
added 2017/11/15 8:29 a.m.65 views

CVE-2017-8815

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.

7.5CVSS8.5AI score0.00409EPSS
CVE
CVE
added 2018/06/26 4:29 p.m.65 views

CVE-2018-1000528

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must op...

6.1CVSS6.2AI score0.00485EPSS
CVE
CVE
added 2018/04/22 5:29 a.m.65 views

CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

5.5CVSS5.2AI score0.00239EPSS
CVE
CVE
added 2018/06/19 5:29 a.m.65 views

CVE-2018-12565

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.

8.8CVSS8.9AI score0.02631EPSS
CVE
CVE
added 2018/11/11 5:29 a.m.65 views

CVE-2018-19141

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

4.8CVSS5.2AI score0.00269EPSS
CVE
CVE
added 2020/05/27 6:15 p.m.65 views

CVE-2020-10936

Sympa before 6.2.56 allows privilege escalation.

7.8CVSS7.6AI score0.00105EPSS
CVE
CVE
added 2020/04/15 4:15 p.m.65 views

CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful.

9.8CVSS9.1AI score0.00472EPSS
CVE
CVE
added 2020/06/17 4:15 p.m.65 views

CVE-2020-14396

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

7.5CVSS7.3AI score0.01068EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.65 views

CVE-2020-28625

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00318EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.65 views

CVE-2020-28628

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00318EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.65 views

CVE-2020-28629

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00318EPSS
CVE
CVE
added 2021/04/28 7:15 a.m.65 views

CVE-2021-31865

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.

5.3CVSS5.3AI score0.00391EPSS
CVE
CVE
added 2021/11/11 10:15 p.m.65 views

CVE-2021-3910

OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).

7.5CVSS5.8AI score0.00502EPSS
CVE
CVE
added 2022/08/30 7:15 a.m.65 views

CVE-2021-46837

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrenc...

6.5CVSS6.3AI score0.02295EPSS
CVE
CVE
added 2022/08/25 3:15 p.m.65 views

CVE-2022-22728

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

7.5CVSS7.5AI score0.0169EPSS
CVE
CVE
added 2022/09/19 9:15 p.m.65 views

CVE-2022-28201

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.

4.4CVSS5.6AI score0.00037EPSS
CVE
CVE
added 2022/09/15 3:15 p.m.65 views

CVE-2022-38855

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00036EPSS
CVE
CVE
added 2022/09/15 3:15 p.m.65 views

CVE-2022-38865

Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00034EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.65 views

CVE-2022-41999

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A specially-crafted .dds can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.

7.5CVSS8AI score0.00132EPSS
CVE
CVE
added 2024/02/11 3:15 a.m.65 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

9.8CVSS6.5AI score0.00144EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.64 views

CVE-1999-0373

Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.

7.2CVSS7.4AI score0.00084EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.64 views

CVE-2000-0508

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

5CVSS7.4AI score0.06568EPSS
CVE
CVE
added 2008/09/04 5:41 p.m.64 views

CVE-2007-6716

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.

5.5CVSS5.1AI score0.00042EPSS
CVE
CVE
added 2008/05/29 4:32 p.m.64 views

CVE-2008-2137

The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, w...

4.4CVSS5.8AI score0.00088EPSS
CVE
CVE
added 2008/06/24 7:41 p.m.64 views

CVE-2008-2663

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-20...

10CVSS7.2AI score0.04012EPSS
CVE
CVE
added 2010/12/22 1:0 a.m.64 views

CVE-2010-4578

Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

7.5CVSS8.7AI score0.01771EPSS
CVE
CVE
added 2012/07/22 4:55 p.m.64 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform ot...

4.3CVSS5.7AI score0.01759EPSS
CVE
CVE
added 2019/12/30 8:15 p.m.64 views

CVE-2012-5476

Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.

5.5CVSS5.6AI score0.00146EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.64 views

CVE-2013-2869

Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image.

4.3CVSS6AI score0.00686EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.64 views

CVE-2013-3557

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.0418EPSS
CVE
CVE
added 2014/01/16 12:17 p.m.64 views

CVE-2013-6644

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.9AI score0.01698EPSS
CVE
CVE
added 2014/12/03 6:59 p.m.64 views

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.8CVSS5.9AI score0.01465EPSS
CVE
CVE
added 2014/11/19 6:59 p.m.64 views

CVE-2014-8594

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Pagi...

5.4CVSS5.3AI score0.01876EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.64 views

CVE-2014-9656

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

7.5CVSS7.8AI score0.01793EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.64 views

CVE-2014-9662

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

7.5CVSS7.9AI score0.02738EPSS
CVE
CVE
added 2015/02/03 4:59 p.m.64 views

CVE-2015-1382

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.

5CVSS6.3AI score0.02206EPSS
CVE
CVE
added 2017/09/13 4:29 p.m.64 views

CVE-2015-2750

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.

6.1CVSS6.1AI score0.00638EPSS
CVE
CVE
added 2015/04/08 6:59 p.m.64 views

CVE-2015-2782

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

7.5CVSS7.9AI score0.05446EPSS
CVE
CVE
added 2015/11/06 9:59 p.m.64 views

CVE-2015-7762

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

5CVSS6AI score0.00472EPSS
Total number of security vulnerabilities9134