Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2022/04/18 5:15 p.m.63 views

CVE-2020-28619

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.0032EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.63 views

CVE-2020-35629

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00383EPSS
CVE
CVE
added 2020/03/23 9:15 p.m.63 views

CVE-2020-8866

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-s...

6.5CVSS6.5AI score0.03421EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.63 views

CVE-2021-21843

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that caus...

8.8CVSS8.8AI score0.00409EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.63 views

CVE-2021-21857

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00311EPSS
CVE
CVE
added 2021/06/11 4:15 p.m.63 views

CVE-2021-22895

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.

5.9CVSS5.8AI score0.00449EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.63 views

CVE-2021-36046

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

9.3CVSS7.7AI score0.00583EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.63 views

CVE-2021-36050

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

9.3CVSS7.7AI score0.01262EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.63 views

CVE-2021-36052

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

7.8CVSS7.8AI score0.04499EPSS
CVE
CVE
added 2022/11/30 6:15 a.m.63 views

CVE-2022-46338

g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.

6.5CVSS6.2AI score0.00163EPSS
CVE
CVE
added 2023/05/26 11:15 p.m.63 views

CVE-2023-32307

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.Referring to GHSA-8599-x7rq-fr54 , several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length ...

7.5CVSS7.9AI score0.00279EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.63 views

CVE-2023-40462

The ACEManagercomponent of ALEOS 4.16 and earlier does not perform inputsanitization during authentication, which could potentially resultin a Denial of Service (DoS) condition for ACEManager withoutimpairing other router functions. ACEManager recovers from theDoS condition by restarting within ten...

7.5CVSS7.4AI score0.00011EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.62 views

CVE-1999-0832

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

10CVSS7.6AI score0.01236EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.62 views

CVE-2003-0362

Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.

5CVSS6.5AI score0.00449EPSS
CVE
CVE
added 2004/12/23 5:0 a.m.62 views

CVE-2004-0564

Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

2.1CVSS6.2AI score0.00072EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.62 views

CVE-2004-0986

Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

7.5CVSS6.3AI score0.01269EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.62 views

CVE-2004-1176

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5CVSS7.1AI score0.02206EPSS
CVE
CVE
added 2005/09/28 9:3 p.m.62 views

CVE-2005-2557

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

4.3CVSS5.4AI score0.08432EPSS
CVE
CVE
added 2005/12/12 9:3 p.m.62 views

CVE-2005-4178

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

6.5CVSS7.3AI score0.01719EPSS
CVE
CVE
added 2010/12/07 9:0 p.m.62 views

CVE-2010-4493

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

4.3CVSS8.3AI score0.01582EPSS
CVE
CVE
added 2019/11/13 8:15 p.m.62 views

CVE-2010-4653

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

6.5CVSS6.9AI score0.00782EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.62 views

CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

7.8CVSS7.8AI score0.00218EPSS
CVE
CVE
added 2019/11/26 10:15 p.m.62 views

CVE-2011-1934

lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.

4.3CVSS4.5AI score0.00297EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.62 views

CVE-2011-2818

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.

6.8CVSS6.9AI score0.02962EPSS
CVE
CVE
added 2011/11/11 11:55 a.m.62 views

CVE-2011-3892

Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

7.5CVSS9.3AI score0.02107EPSS
CVE
CVE
added 2011/11/11 11:55 a.m.62 views

CVE-2011-3895

Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

7.5CVSS9.6AI score0.03439EPSS
CVE
CVE
added 2012/11/24 8:55 p.m.62 views

CVE-2012-2239

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

9.1CVSS9.2AI score0.00352EPSS
CVE
CVE
added 2019/10/31 8:15 p.m.62 views

CVE-2013-2012

autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.

7.3CVSS7.1AI score0.00095EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.62 views

CVE-2013-2873

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.

7.5CVSS7.2AI score0.00887EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.62 views

CVE-2013-3557

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.0418EPSS
CVE
CVE
added 2013/10/28 10:55 p.m.62 views

CVE-2013-4391

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.

7.5CVSS8AI score0.037EPSS
CVE
CVE
added 2017/03/31 4:59 p.m.62 views

CVE-2014-5008

Snoopy allows remote attackers to execute arbitrary commands.

9.8CVSS9.5AI score0.05547EPSS
CVE
CVE
added 2014/10/20 5:55 p.m.62 views

CVE-2014-5025

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

3.5CVSS6.8AI score0.00453EPSS
CVE
CVE
added 2014/10/02 2:55 p.m.62 views

CVE-2014-7155

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) L...

5.8CVSS3.7AI score0.00782EPSS
CVE
CVE
added 2014/12/05 4:59 p.m.62 views

CVE-2014-8990

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

7.5CVSS7.5AI score0.04309EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.62 views

CVE-2014-9762

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.

7.5CVSS7.1AI score0.02843EPSS
CVE
CVE
added 2015/02/03 4:59 p.m.62 views

CVE-2015-1381

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.

5CVSS6.8AI score0.02206EPSS
CVE
CVE
added 2015/04/29 8:59 p.m.62 views

CVE-2015-3026

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."

5CVSS6.4AI score0.1532EPSS
Web
CVE
CVE
added 2019/11/19 5:15 p.m.62 views

CVE-2016-1000236

Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.

4.4CVSS4.6AI score0.00539EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.62 views

CVE-2016-1693

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.

5.3CVSS5.8AI score0.00895EPSS
CVE
CVE
added 2016/04/08 2:59 p.m.62 views

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

9.8CVSS9.7AI score0.01236EPSS
CVE
CVE
added 2016/04/25 10:59 a.m.62 views

CVE-2016-4079

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

5.9CVSS5.4AI score0.00228EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.62 views

CVE-2016-6801

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authenticat...

8.8CVSS8.8AI score0.0036EPSS
CVE
CVE
added 2016/09/09 10:59 a.m.62 views

CVE-2016-7179

Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.9CVSS5.7AI score0.0033EPSS
CVE
CVE
added 2017/02/22 4:59 p.m.62 views

CVE-2016-9956

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

7.5CVSS7.2AI score0.01886EPSS
CVE
CVE
added 2017/11/16 3:29 p.m.62 views

CVE-2017-15864

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.

8.8CVSS8.4AI score0.00423EPSS
CVE
CVE
added 2017/12/08 5:29 p.m.62 views

CVE-2017-16854

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

6.5CVSS7AI score0.00302EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.62 views

CVE-2017-17844

An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted ...

6.5CVSS6.6AI score0.00238EPSS
CVE
CVE
added 2017/11/20 10:29 p.m.62 views

CVE-2017-2896

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

8.8CVSS8AI score0.00559EPSS
Web
CVE
CVE
added 2017/03/15 2:59 p.m.62 views

CVE-2017-5938

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

6.1CVSS5.9AI score0.00631EPSS
Total number of security vulnerabilities9127