Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2010/12/07 9:0 p.m.62 views

CVE-2010-4493

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

4.3CVSS8.3AI score0.01582EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.62 views

CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

7.8CVSS7.8AI score0.00218EPSS
CVE
CVE
added 2019/11/26 10:15 p.m.62 views

CVE-2011-1934

lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.

4.3CVSS4.5AI score0.00297EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.62 views

CVE-2011-2800

Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.

4.3CVSS5.5AI score0.01071EPSS
CVE
CVE
added 2011/11/11 11:55 a.m.62 views

CVE-2011-3892

Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

7.5CVSS9.3AI score0.02107EPSS
CVE
CVE
added 2012/11/24 8:55 p.m.62 views

CVE-2012-2239

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

9.1CVSS9.2AI score0.00352EPSS
CVE
CVE
added 2019/10/31 8:15 p.m.62 views

CVE-2013-2012

autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.

7.3CVSS7.1AI score0.00095EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.62 views

CVE-2013-2873

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.

7.5CVSS7.2AI score0.00887EPSS
CVE
CVE
added 2013/10/28 10:55 p.m.62 views

CVE-2013-4391

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.

7.5CVSS8AI score0.037EPSS
CVE
CVE
added 2014/10/20 5:55 p.m.62 views

CVE-2014-5025

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.

3.5CVSS6.8AI score0.00453EPSS
CVE
CVE
added 2014/12/05 4:59 p.m.62 views

CVE-2014-8990

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

7.5CVSS7.5AI score0.04309EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.62 views

CVE-2014-9762

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.

7.5CVSS7.1AI score0.02843EPSS
CVE
CVE
added 2019/11/19 5:15 p.m.62 views

CVE-2016-1000236

Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.

4.4CVSS4.6AI score0.00539EPSS
CVE
CVE
added 2018/10/24 9:29 p.m.62 views

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

7.8CVSS7.7AI score0.00213EPSS
CVE
CVE
added 2016/04/08 2:59 p.m.62 views

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

9.8CVSS9.7AI score0.01236EPSS
CVE
CVE
added 2017/11/16 3:29 p.m.62 views

CVE-2017-15864

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.

8.8CVSS8.4AI score0.00423EPSS
CVE
CVE
added 2017/12/08 5:29 p.m.62 views

CVE-2017-16854

In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.

6.5CVSS7AI score0.00302EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.62 views

CVE-2017-17844

An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted ...

6.5CVSS6.6AI score0.00238EPSS
CVE
CVE
added 2017/11/20 10:29 p.m.62 views

CVE-2017-2896

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

8.8CVSS8AI score0.00559EPSS
CVE
CVE
added 2017/03/15 2:59 p.m.62 views

CVE-2017-5938

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

6.1CVSS5.9AI score0.00631EPSS
CVE
CVE
added 2018/05/05 2:29 a.m.62 views

CVE-2018-10753

Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

9.8CVSS9.8AI score0.00956EPSS
CVE
CVE
added 2018/06/19 5:29 a.m.62 views

CVE-2018-12564

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.

6.5CVSS6.4AI score0.00325EPSS
CVE
CVE
added 2018/06/29 2:29 p.m.62 views

CVE-2018-13005

An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

9.8CVSS9.3AI score0.00593EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.62 views

CVE-2018-20763

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

7.8CVSS7.6AI score0.00253EPSS
CVE
CVE
added 2019/09/16 1:15 p.m.62 views

CVE-2018-21015

AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.

6.5CVSS6.2AI score0.00867EPSS
CVE
CVE
added 2018/01/27 9:29 p.m.62 views

CVE-2018-6359

The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.

8.8CVSS8.2AI score0.00983EPSS
CVE
CVE
added 2018/02/09 6:29 a.m.62 views

CVE-2018-6869

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.01067EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.62 views

CVE-2018-7436

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.

8.8CVSS8.5AI score0.00771EPSS
CVE
CVE
added 2018/03/27 4:29 p.m.62 views

CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.

6.1CVSS6AI score0.00447EPSS
Web
CVE
CVE
added 2019/09/11 7:15 p.m.62 views

CVE-2019-16236

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.

7.5CVSS7.3AI score0.00778EPSS
CVE
CVE
added 2019/12/12 2:15 p.m.62 views

CVE-2019-18345

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administra...

9.3CVSS8.8AI score0.01088EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.62 views

CVE-2020-28615

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00341EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.62 views

CVE-2020-28623

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00341EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.62 views

CVE-2020-28632

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00318EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.62 views

CVE-2020-36306

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.

6.1CVSS6AI score0.00339EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.62 views

CVE-2021-36045

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victi...

4.3CVSS3.5AI score0.00614EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.62 views

CVE-2021-36055

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

9.3CVSS7.6AI score0.00995EPSS
CVE
CVE
added 2021/11/09 5:15 p.m.62 views

CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white...

7.5CVSS7.6AI score0.00719EPSS
CVE
CVE
added 2022/08/10 6:15 a.m.62 views

CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00121EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.61 views

CVE-2004-1005

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

7.5CVSS6.5AI score0.01111EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.61 views

CVE-2005-0211

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

7.5CVSS7.6AI score0.41519EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.61 views

CVE-2006-6500

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an i...

6.8CVSS7.7AI score0.37533EPSS
CVE
CVE
added 2008/08/08 7:41 p.m.61 views

CVE-2008-3535

Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the L...

4.9CVSS4.9AI score0.00047EPSS
CVE
CVE
added 2019/11/12 10:15 p.m.61 views

CVE-2010-3440

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.

5.5CVSS5.4AI score0.00072EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.61 views

CVE-2011-0984

Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.01759EPSS
CVE
CVE
added 2019/12/05 9:15 p.m.61 views

CVE-2012-1115

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

6.1CVSS5.7AI score0.0084EPSS
CVE
CVE
added 2012/09/18 6:55 p.m.61 views

CVE-2012-1183

Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denia...

4.3CVSS6.8AI score0.00219EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.61 views

CVE-2013-2876

browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial p...

5CVSS5.4AI score0.00354EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.61 views

CVE-2013-2879

Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site.

5.8CVSS6AI score0.00474EPSS
CVE
CVE
added 2013/07/31 1:20 p.m.61 views

CVE-2013-2883

Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.

7.5CVSS7AI score0.00887EPSS
Total number of security vulnerabilities9134