Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2013/06/05 12:55 a.m.63 views

CVE-2013-2858

Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.0061EPSS
CVE
CVE
added 2013/06/05 12:55 a.m.63 views

CVE-2013-2859

Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.

7.5CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2013/06/09 9:55 p.m.63 views

CVE-2013-4082

The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) vi...

5CVSS8.9AI score0.01535EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.63 views

CVE-2013-6475

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

6.8CVSS7.5AI score0.05196EPSS
CVE
CVE
added 2014/01/28 2:30 p.m.63 views

CVE-2013-6649

Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG i...

7.5CVSS7AI score0.00926EPSS
CVE
CVE
added 2014/10/02 2:55 p.m.63 views

CVE-2014-7155

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) L...

5.8CVSS3.7AI score0.00782EPSS
CVE
CVE
added 2014/11/05 11:55 a.m.63 views

CVE-2014-8542

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

7.5CVSS9.2AI score0.0152EPSS
CVE
CVE
added 2015/02/03 4:59 p.m.63 views

CVE-2015-1381

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.

5CVSS6.8AI score0.02206EPSS
CVE
CVE
added 2015/04/29 8:59 p.m.63 views

CVE-2015-3026

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."

5CVSS6.4AI score0.1532EPSS
Web
CVE
CVE
added 2015/11/02 7:59 p.m.63 views

CVE-2015-5291

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) ex...

6.8CVSS8.4AI score0.01704EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.63 views

CVE-2016-1000002

gdm3 3.14.2 and possibly later has an information leak before screen lock

2.4CVSS3.7AI score0.0016EPSS
CVE
CVE
added 2017/08/31 8:29 p.m.63 views

CVE-2016-10510

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php.

6.1CVSS5.9AI score0.00669EPSS
CVE
CVE
added 2016/04/25 10:59 a.m.63 views

CVE-2016-4079

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

5.9CVSS5.4AI score0.00228EPSS
CVE
CVE
added 2016/06/01 10:59 p.m.63 views

CVE-2016-4423

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers ...

7.5CVSS7.2AI score0.01435EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.63 views

CVE-2016-6801

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authenticat...

8.8CVSS8.8AI score0.0036EPSS
CVE
CVE
added 2016/09/09 10:59 a.m.63 views

CVE-2016-7179

Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS5.7AI score0.00678EPSS
CVE
CVE
added 2018/03/21 8:29 p.m.63 views

CVE-2017-0917

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.

6.1CVSS6AI score0.0008EPSS
CVE
CVE
added 2017/10/16 4:29 a.m.63 views

CVE-2017-15371

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

5.5CVSS5.4AI score0.00321EPSS
CVE
CVE
added 2017/10/18 2:29 a.m.63 views

CVE-2017-15570

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.

6.1CVSS6.8AI score0.00517EPSS
CVE
CVE
added 2017/11/23 6:29 a.m.63 views

CVE-2017-16927

The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted in...

8.4CVSS7.7AI score0.00124EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.63 views

CVE-2017-2905

An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. A...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.63 views

CVE-2017-2906

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicat...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2017/11/15 8:29 a.m.63 views

CVE-2017-8812

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.

5.3CVSS6.9AI score0.00798EPSS
CVE
CVE
added 2018/06/26 4:29 p.m.63 views

CVE-2018-1000550

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vu...

9.8CVSS8.5AI score0.00474EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.63 views

CVE-2018-20762

GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

7.8CVSS7.7AI score0.0032EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.63 views

CVE-2018-7438

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.

8.8CVSS8.5AI score0.00665EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.63 views

CVE-2019-25026

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.

5.3CVSS5.5AI score0.00435EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.63 views

CVE-2020-28605

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00408EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.63 views

CVE-2020-28619

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00341EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.63 views

CVE-2020-35629

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00408EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.63 views

CVE-2020-35630

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00408EPSS
CVE
CVE
added 2020/03/23 9:15 p.m.63 views

CVE-2020-8866

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-s...

6.5CVSS6.5AI score0.03533EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.63 views

CVE-2021-21834

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in ...

8.8CVSS8.6AI score0.0021EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.63 views

CVE-2021-21843

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that caus...

8.8CVSS8.8AI score0.00232EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.63 views

CVE-2021-21849

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arit...

8.8CVSS8.6AI score0.00418EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.63 views

CVE-2021-36046

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

9.3CVSS7.7AI score0.00583EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.63 views

CVE-2021-36052

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

7.8CVSS7.8AI score0.04499EPSS
CVE
CVE
added 2021/11/11 10:15 p.m.63 views

CVE-2021-3908

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

7.5CVSS6.4AI score0.00286EPSS
CVE
CVE
added 2022/08/24 4:15 p.m.63 views

CVE-2021-4214

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

5.5CVSS6.9AI score0.00078EPSS
CVE
CVE
added 2023/05/03 12:16 p.m.63 views

CVE-2022-43681

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT s...

6.5CVSS6.8AI score0.00159EPSS
CVE
CVE
added 2022/11/30 6:15 a.m.63 views

CVE-2022-46338

g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.

6.5CVSS6.2AI score0.00249EPSS
CVE
CVE
added 2023/05/26 11:15 p.m.63 views

CVE-2023-32307

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.Referring to GHSA-8599-x7rq-fr54 , several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length ...

7.5CVSS7.9AI score0.00388EPSS
CVE
CVE
added 2023/07/05 9:15 p.m.63 views

CVE-2023-35936

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted ...

6.1CVSS5.9AI score0.00034EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.63 views

CVE-2023-40462

The ACEManagercomponent of ALEOS 4.16 and earlier does not perform inputsanitization during authentication, which could potentially resultin a Denial of Service (DoS) condition for ACEManager withoutimpairing other router functions. ACEManager recovers from theDoS condition by restarting within ten...

7.5CVSS7.4AI score0.00011EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.62 views

CVE-1999-0832

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

10CVSS7.6AI score0.01236EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.62 views

CVE-2003-0362

Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.

5CVSS6.5AI score0.00449EPSS
CVE
CVE
added 2004/12/23 5:0 a.m.62 views

CVE-2004-0564

Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

2.1CVSS6.2AI score0.00072EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.62 views

CVE-2004-1176

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5CVSS7.1AI score0.02206EPSS
CVE
CVE
added 2005/09/28 9:3 p.m.62 views

CVE-2005-2557

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

4.3CVSS5.4AI score0.08432EPSS
CVE
CVE
added 2007/01/19 2:28 a.m.62 views

CVE-2006-6942

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_o...

6.8CVSS5.6AI score0.01921EPSS
Total number of security vulnerabilities9134