Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2021/12/22 7:15 p.m.64 views

CVE-2021-40394

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file...

10CVSS9.4AI score0.00556EPSS
CVE
CVE
added 2022/04/25 5:15 p.m.64 views

CVE-2022-1441

MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function diST_box_read() to read from video. In this function, it allocates a buffer str with fixed length. However, content read from bs is controllabl...

7.8CVSS7.6AI score0.00165EPSS
CVE
CVE
added 2022/08/10 6:15 a.m.64 views

CVE-2022-31780

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00248EPSS
CVE
CVE
added 2022/11/01 1:15 p.m.64 views

CVE-2022-42324

Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most sig...

5.5CVSS6.6AI score0.00021EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.64 views

CVE-2022-43595

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these vulnerabil...

5.9CVSS7.4AI score0.0013EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.63 views

CVE-1999-0373

Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.

7.2CVSS7.4AI score0.00084EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.63 views

CVE-2000-0508

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

5CVSS7.4AI score0.06568EPSS
CVE
CVE
added 2005/07/18 4:0 a.m.63 views

CVE-2005-1689

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

9.8CVSS9.7AI score0.55203EPSS
CVE
CVE
added 2005/10/21 1:2 a.m.63 views

CVE-2005-3274

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock i...

4.7CVSS5.5AI score0.00126EPSS
CVE
CVE
added 2006/04/18 8:2 p.m.63 views

CVE-2006-1753

A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

3.6CVSS6AI score0.00064EPSS
CVE
CVE
added 2008/06/24 7:41 p.m.63 views

CVE-2008-2663

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-20...

10CVSS7.2AI score0.04012EPSS
CVE
CVE
added 2019/11/22 5:15 p.m.63 views

CVE-2012-0812

PostfixAdmin 2.3.4 has multiple XSS vulnerabilities

6.1CVSS6AI score0.00579EPSS
CVE
CVE
added 2019/12/05 7:15 p.m.63 views

CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

5.5CVSS5AI score0.00152EPSS
CVE
CVE
added 2012/09/05 11:55 p.m.63 views

CVE-2012-3527

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

4.6CVSS7.2AI score0.02065EPSS
CVE
CVE
added 2012/07/24 7:55 p.m.63 views

CVE-2012-4048

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

3.3CVSS6.2AI score0.00209EPSS
CVE
CVE
added 2013/08/28 9:55 p.m.63 views

CVE-2013-2072

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.

7.4CVSS4.3AI score0.00363EPSS
CVE
CVE
added 2013/06/05 12:55 a.m.63 views

CVE-2013-2858

Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.0061EPSS
CVE
CVE
added 2013/06/05 12:55 a.m.63 views

CVE-2013-2859

Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.

7.5CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2013/06/09 9:55 p.m.63 views

CVE-2013-4082

The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) vi...

5CVSS8.9AI score0.01535EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.63 views

CVE-2013-6475

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

6.8CVSS7.5AI score0.05196EPSS
CVE
CVE
added 2014/01/28 2:30 p.m.63 views

CVE-2013-6649

Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG i...

7.5CVSS7AI score0.00926EPSS
CVE
CVE
added 2014/11/05 11:55 a.m.63 views

CVE-2014-8542

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

7.5CVSS9.2AI score0.0152EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.63 views

CVE-2014-9662

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

7.5CVSS7.9AI score0.02738EPSS
CVE
CVE
added 2015/02/03 4:59 p.m.63 views

CVE-2015-1382

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.

5CVSS6.3AI score0.02206EPSS
CVE
CVE
added 2017/09/13 4:29 p.m.63 views

CVE-2015-2750

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.

6.1CVSS6.1AI score0.00638EPSS
CVE
CVE
added 2015/04/08 6:59 p.m.63 views

CVE-2015-2782

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

7.5CVSS7.9AI score0.05446EPSS
CVE
CVE
added 2015/11/02 7:59 p.m.63 views

CVE-2015-5291

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) ex...

6.8CVSS8.4AI score0.01704EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.63 views

CVE-2015-8971

Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.

7.8CVSS7.9AI score0.01309EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.63 views

CVE-2016-1000002

gdm3 3.14.2 and possibly later has an information leak before screen lock

2.4CVSS3.7AI score0.0016EPSS
CVE
CVE
added 2017/08/31 8:29 p.m.63 views

CVE-2016-10510

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php.

6.1CVSS5.9AI score0.00669EPSS
CVE
CVE
added 2017/01/06 9:59 p.m.63 views

CVE-2016-2370

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.

5.9CVSS6.2AI score0.01915EPSS
CVE
CVE
added 2016/06/16 6:59 p.m.63 views

CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

8.8CVSS8.7AI score0.02449EPSS
CVE
CVE
added 2016/06/01 10:59 p.m.63 views

CVE-2016-4423

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers ...

7.5CVSS7.2AI score0.01435EPSS
CVE
CVE
added 2018/03/21 8:29 p.m.63 views

CVE-2017-0917

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.

6.1CVSS6AI score0.0008EPSS
CVE
CVE
added 2017/10/16 4:29 a.m.63 views

CVE-2017-15371

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

5.5CVSS5.4AI score0.00321EPSS
CVE
CVE
added 2017/10/18 2:29 a.m.63 views

CVE-2017-15569

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.

6.1CVSS6.2AI score0.00517EPSS
CVE
CVE
added 2017/10/18 2:29 a.m.63 views

CVE-2017-15570

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.

6.1CVSS6.8AI score0.00517EPSS
CVE
CVE
added 2017/11/21 2:29 p.m.63 views

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

8.8CVSS8.8AI score0.01033EPSS
CVE
CVE
added 2017/11/23 6:29 a.m.63 views

CVE-2017-16927

The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted in...

8.4CVSS7.7AI score0.00124EPSS
CVE
CVE
added 2017/12/06 12:29 a.m.63 views

CVE-2017-17432

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

7.8CVSS7.3AI score0.01235EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.63 views

CVE-2017-2905

An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.63 views

CVE-2017-2906

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicat...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2017/11/15 8:29 a.m.63 views

CVE-2017-8812

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

5.3CVSS6.9AI score0.00798EPSS
CVE
CVE
added 2018/06/26 4:29 p.m.63 views

CVE-2018-1000550

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vu...

9.8CVSS8.5AI score0.00474EPSS
CVE
CVE
added 2018/03/21 8:29 p.m.63 views

CVE-2018-3710

Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.

7.8CVSS7.9AI score0.05239EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.63 views

CVE-2018-7438

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.

8.8CVSS8.5AI score0.00701EPSS
CVE
CVE
added 2019/10/08 1:15 a.m.63 views

CVE-2019-17349

An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.

5.5CVSS6.8AI score0.00142EPSS
CVE
CVE
added 2021/05/27 6:15 p.m.63 views

CVE-2020-22030

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.

8.8CVSS9.2AI score0.00485EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.63 views

CVE-2020-28602

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00383EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.63 views

CVE-2020-28605

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00383EPSS
Total number of security vulnerabilities9127