Debian / Debian Linux

9134 matches found

added 2016/04/12 2:59 p.m. | 64 views

CVE-2015-8537

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.

CVSS 5.3 | AI score 5.3 | EPSS 0.00467

added 2017/01/23 9:59 p.m. | 64 views

CVE-2015-8971

Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.

CVSS 7.8 | AI score 7.9 | EPSS 0.01309

added 2016/06/05 11:59 p.m. | 64 views

CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.

CVSS 5.3 | AI score 5.8 | EPSS 0.00895

added 2016/04/13 4:59 p.m. | 64 views

CVE-2016-2228

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplor...

CVSS 6.1 | AI score 5.9 | EPSS 0.00575
Web

added 2017/01/06 9:59 p.m. | 64 views

CVE-2016-2370

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.

CVSS 5.9 | AI score 6.2 | EPSS 0.01915

added 2017/01/06 9:59 p.m. | 64 views

CVE-2016-2374

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.

CVSS 8.1 | AI score 8.2 | EPSS 0.02727

added 2016/06/16 6:59 p.m. | 64 views

CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

CVSS 8.8 | AI score 8.7 | EPSS 0.02512

added 2016/10/07 2:59 p.m. | 64 views

CVE-2016-7424

The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.

CVSS 5.5 | AI score 5.1 | EPSS 0.0024

added 2017/02/17 2:59 a.m. | 64 views

CVE-2016-9955

The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.

CVSS 6.3 | AI score 6.4 | EPSS 0.0041

added 2017/02/22 4:59 p.m. | 64 views

CVE-2016-9956

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

CVSS 7.5 | AI score 7.2 | EPSS 0.01886

added 2018/04/13 3:29 p.m. | 64 views

CVE-2017-0356

A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.

CVSS 9.8 | AI score 7.2 | EPSS 0.10038

added 2017/10/18 2:29 a.m. | 64 views

CVE-2017-15569

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.

CVSS 6.1 | AI score 6.2 | EPSS 0.00517

added 2017/10/18 2:29 a.m. | 64 views

CVE-2017-15574

In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.

CVSS 6.1 | AI score 6.8 | EPSS 0.00381

added 2017/11/21 2:29 p.m. | 64 views

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

CVSS 8.8 | AI score 8.8 | EPSS 0.01033

added 2018/05/09 5:29 p.m. | 64 views

CVE-2017-18265

Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in,...

CVSS 7.5 | AI score 7.3 | EPSS 0.01063

added 2017/02/24 4:59 a.m. | 64 views

CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."

CVSS 7.8 | AI score 7.3 | EPSS 0.00587

added 2017/02/24 4:59 a.m. | 64 views

CVE-2017-6308

An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.

CVSS 7.8 | AI score 7.5 | EPSS 0.00276

added 2017/06/26 7:29 a.m. | 64 views

CVE-2017-9929

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

CVSS 5.5 | AI score 6 | EPSS 0.0044

added 2018/04/17 9:29 p.m. | 64 views

CVE-2018-10191

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.

CVSS 9.8 | AI score 9.7 | EPSS 0.01362

added 2018/03/21 8:29 p.m. | 64 views

CVE-2018-3710

GitLab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component, resulting in remote code execution.

CVSS 7.8 | AI score 7.9 | EPSS 0.05239

added 2019/04/10 9:29 p.m. | 64 views

CVE-2019-11071

SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.

CVSS 8.8 | AI score 7.7 | EPSS 0.02551

added 2020/07/15 3:15 p.m. | 64 views

CVE-2019-17637

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...

CVSS 7.1 | AI score 6.6 | EPSS 0.00165

added 2019/10/29 7:15 p.m. | 64 views

CVE-2019-18603

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.

CVSS 5.9 | AI score 6.2 | EPSS 0.00413

added 2021/05/27 6:15 p.m. | 64 views

CVE-2020-22030

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.

CVSS 8.8 | AI score 9.2 | EPSS 0.00485

added 2022/04/18 5:15 p.m. | 64 views

CVE-2020-28602

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

CVSS 10 | AI score 9.2 | EPSS 0.00408

added 2022/04/18 5:15 p.m. | 64 views

CVE-2020-28633

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

CVSS 10 | AI score 9.2 | EPSS 0.00408

added 2020/12/15 6:15 p.m. | 64 views

CVE-2020-29485

An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the OCaml Xenstored implementation are vulnerab...

CVSS 5.5 | AI score 6.4 | EPSS 0.00063

added 2021/03/04 8:15 p.m. | 64 views

CVE-2020-35636

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to cod...

CVSS 10 | AI score 9.3 | EPSS 0.00116

added 2021/05/06 3:15 p.m. | 64 views

CVE-2021-20204

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arb...

CVSS 9.8 | AI score 9.8 | EPSS 0.02708

added 2021/08/18 1:15 p.m. | 64 views

CVE-2021-21837

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that caus...

CVSS 8.8 | AI score 8.8 | EPSS 0.00509

added 2021/08/18 1:15 p.m. | 64 views

CVE-2021-21839

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that caus...

CVSS 8.8 | AI score 8.8 | EPSS 0.00509

added 2021/08/18 1:15 p.m. | 64 views

CVE-2021-21857

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

CVSS 8.8 | AI score 8.8 | EPSS 0.00238

added 2021/06/11 4:15 p.m. | 64 views

CVE-2021-22895

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.

CVSS 5.9 | AI score 5.8 | EPSS 0.00364

added 2021/09/01 3:15 p.m. | 64 views

CVE-2021-36050

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

CVSS 9.3 | AI score 7.7 | EPSS 0.01262

added 2021/12/22 7:15 p.m. | 64 views

CVE-2021-40394

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file...

CVSS 10 | AI score 9.4 | EPSS 0.00556

added 2022/04/25 5:15 p.m. | 64 views

CVE-2022-1441

MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse an MP4 file, it calls the function diST_box_read() to read from video. In this function, it allocates a buffer str with fixed length. However, content read from bs is controllabl...

CVSS 7.8 | AI score 7.6 | EPSS 0.00119

added 2022/08/10 6:15 a.m. | 64 views

CVE-2022-31780

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

CVSS 7.5 | AI score 7.3 | EPSS 0.00248

added 2022/12/23 11:3 p.m. | 64 views

CVE-2022-43595

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide multiple malicious inputs to trigger these vulnerabil...

CVSS 5.9 | AI score 7.4 | EPSS 0.00148

added 2005/03/01 5:0 a.m. | 63 views

CVE-2004-0986

Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

CVSS 7.5 | AI score 6.3 | EPSS 0.01269

added 2005/12/12 9:3 p.m. | 63 views

CVE-2005-4178

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

CVSS 6.5 | AI score 7.3 | EPSS 0.01719

added 2006/04/18 8:2 p.m. | 63 views

CVE-2006-1753

A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

CVSS 3.6 | AI score 6 | EPSS 0.00064

added 2007/02/26 8:28 p.m. | 63 views

CVE-2007-0778

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when ...

CVSS 5.4 | AI score 5.7 | EPSS 0.01036

added 2019/11/13 8:15 p.m. | 63 views

CVE-2010-4653

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

CVSS 6.5 | AI score 6.9 | EPSS 0.00782

added 2011/08/03 12:55 a.m. | 63 views

CVE-2011-2818

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.

CVSS 6.8 | AI score 6.9 | EPSS 0.02962

added 2011/11/11 11:55 a.m. | 63 views

CVE-2011-3895

Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

CVSS 7.5 | AI score 9.6 | EPSS 0.03439

added 2019/11/22 5:15 p.m. | 63 views

CVE-2012-0812

PostfixAdmin 2.3.4 has multiple XSS vulnerabilities.

CVSS 6.1 | AI score 6 | EPSS 0.00579

added 2019/12/05 7:15 p.m. | 63 views

CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

CVSS 5.5 | AI score 5 | EPSS 0.00152

added 2012/09/05 11:55 p.m. | 63 views

CVE-2012-3527

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

CVSS 4.6 | AI score 7.2 | EPSS 0.02065

added 2012/07/24 7:55 p.m. | 63 views

CVE-2012-4048

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

CVSS 3.3 | AI score 6.2 | EPSS 0.00209

added 2013/08/28 9:55 p.m. | 63 views

CVE-2013-2072

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.

CVSS 7.4 | AI score 4.3 | EPSS 0.00363

Total number of security vulnerabilities: 9134