Lucene search

Debian Linux

9127 matches found

added 2018/05/05 2:29 a.m. | 62 views

CVE-2018-10753

Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

9.8 CVSS | 9.8 AI score | 0.00956 EPSS

added 2018/06/19 5:29 a.m. | 62 views

CVE-2018-12564

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.

6.5 CVSS | 6.4 AI score | 0.00325 EPSS

added 2019/02/06 11:29 p.m. | 62 views

CVE-2018-20762

GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

7.8 CVSS | 7.7 AI score | 0.0032 EPSS

added 2018/01/27 9:29 p.m. | 62 views

CVE-2018-6359

The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.

8.8 CVSS | 8.2 AI score | 0.00983 EPSS

added 2018/02/09 6:29 a.m. | 62 views

CVE-2018-6869

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5 CVSS | 5.5 AI score | 0.01067 EPSS | Web

added 2018/02/23 9:29 p.m. | 62 views

CVE-2018-7436

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.

8.8 CVSS | 8.5 AI score | 0.00813 EPSS

added 2019/12/12 2:15 p.m. | 62 views

CVE-2019-18345

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administra...

9.3 CVSS | 8.8 AI score | 0.01088 EPSS

added 2021/04/06 8:15 a.m. | 62 views

CVE-2019-25026

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.

5.3 CVSS | 5.5 AI score | 0.00435 EPSS

added 2022/04/18 5:15 p.m. | 62 views

CVE-2020-28632

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10 CVSS | 9.2 AI score | 0.00299 EPSS

added 2022/04/18 5:15 p.m. | 62 views

CVE-2020-35630

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10 CVSS | 9.2 AI score | 0.00383 EPSS

added 2021/04/06 8:15 a.m. | 62 views

CVE-2020-36306

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.

6.1 CVSS | 6 AI score | 0.00339 EPSS

added 2021/08/25 7:15 p.m. | 62 views

CVE-2021-21849

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arit...

8.8 CVSS | 8.6 AI score | 0.00251 EPSS

added 2021/11/11 10:15 p.m. | 62 views

CVE-2021-3908

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

7.5 CVSS | 6.4 AI score | 0.00286 EPSS

added 2022/08/24 4:15 p.m. | 62 views

CVE-2021-4214

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

5.5 CVSS | 6.9 AI score | 0.00066 EPSS

added 2022/08/10 6:15 a.m. | 62 views

CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5 CVSS | 7.3 AI score | 0.00121 EPSS

added 2023/05/03 12:16 p.m. | 62 views

CVE-2022-43681

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT s...

6.5 CVSS | 6.8 AI score | 0.00159 EPSS

added 2023/07/05 9:15 p.m. | 62 views

CVE-2023-35936

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted ...

6.1 CVSS | 5.9 AI score | 0.00034 EPSS

added 2005/04/14 4:0 a.m. | 61 views

CVE-2004-1005

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

7.5 CVSS | 6.5 AI score | 0.01111 EPSS

added 2006/12/20 1:28 a.m. | 61 views

CVE-2006-6500

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an i...

6.8 CVSS | 7.7 AI score | 0.37533 EPSS

added 2007/01/19 2:28 a.m. | 61 views

CVE-2006-6942

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_o...

6.8 CVSS | 5.6 AI score | 0.01846 EPSS

added 2007/02/26 8:28 p.m. | 61 views

CVE-2007-0778

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when ...

5.4 CVSS | 5.7 AI score | 0.01036 EPSS

added 2019/11/12 10:15 p.m. | 61 views

CVE-2010-3440

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.

5.5 CVSS | 5.4 AI score | 0.00072 EPSS

added 2011/02/10 7:0 p.m. | 61 views

CVE-2011-0984

Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5 CVSS | 6.2 AI score | 0.01759 EPSS

added 2011/08/03 12:55 a.m. | 61 views

CVE-2011-2800

Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.

4.3 CVSS | 5.5 AI score | 0.01071 EPSS

added 2019/12/05 9:15 p.m. | 61 views

CVE-2012-1115

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

6.1 CVSS | 5.7 AI score | 0.0084 EPSS

added 2013/07/10 10:55 a.m. | 61 views

CVE-2013-2876

browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial p...

5 CVSS | 5.4 AI score | 0.00354 EPSS

added 2013/07/10 10:55 a.m. | 61 views

CVE-2013-2879

Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site.

5.8 CVSS | 6 AI score | 0.00474 EPSS

added 2013/07/31 1:20 p.m. | 61 views

CVE-2013-2883

Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.

7.5 CVSS | 7 AI score | 0.00887 EPSS

added 2014/04/23 3:55 p.m. | 61 views

CVE-2014-2327

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.

6.8 CVSS | 8.8 AI score | 0.00424 EPSS

added 2014/10/02 2:55 p.m. | 61 views

CVE-2014-7154

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

6.1 CVSS | 5.9 AI score | 0.00905 EPSS

added 2016/04/13 4:59 p.m. | 61 views

CVE-2015-8807

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vector...

6.1 CVSS | 5.8 AI score | 0.00676 EPSS

added 2018/10/24 9:29 p.m. | 61 views

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

7.8 CVSS | 7.7 AI score | 0.00213 EPSS

added 2018/04/13 4:29 p.m. | 61 views

CVE-2017-0372

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

9.8 CVSS | 9.6 AI score | 0.58957 EPSS | Web

added 2017/12/27 5:8 p.m. | 61 views

CVE-2017-17866

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF do...

7.8 CVSS | 6.8 AI score | 0.00288 EPSS

added 2017/02/24 4:59 a.m. | 61 views

CVE-2017-6302

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."

7.8 CVSS | 7.3 AI score | 0.0036 EPSS

added 2017/11/15 8:29 a.m. | 61 views

CVE-2017-8810

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks ...

7.5 CVSS | 8.2 AI score | 0.00997 EPSS

added 2018/05/07 2:29 a.m. | 61 views

CVE-2018-10771

Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

9.8 CVSS | 9.8 AI score | 0.00956 EPSS

added 2018/05/26 9:29 p.m. | 61 views

CVE-2018-11503

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

5.5 CVSS | 5.2 AI score | 0.00515 EPSS

added 2018/05/26 9:29 p.m. | 61 views

CVE-2018-11504

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

5.5 CVSS | 5.2 AI score | 0.00241 EPSS

added 2018/06/29 2:29 p.m. | 61 views

CVE-2018-13005

An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

9.8 CVSS | 9.3 AI score | 0.00593 EPSS

added 2019/02/06 11:29 p.m. | 61 views

CVE-2018-20763

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

7.8 CVSS | 7.6 AI score | 0.00253 EPSS

added 2019/09/16 1:15 p.m. | 61 views

CVE-2018-21015

AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.

6.5 CVSS | 6.2 AI score | 0.00867 EPSS

added 2018/03/08 6:29 p.m. | 61 views

CVE-2018-7870

An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

6.5 CVSS | 7 AI score | 0.00664 EPSS

added 2018/08/29 1:29 p.m. | 61 views

CVE-2018-8040

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions...

5.3 CVSS | 5.8 AI score | 0.10962 EPSS

added 2018/03/27 4:29 p.m. | 61 views

CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.

6.1 CVSS | 6 AI score | 0.00447 EPSS | Web

added 2019/04/10 9:29 p.m. | 61 views

CVE-2019-11071

SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.

8.8 CVSS | 7.7 AI score | 0.02551 EPSS

added 2019/08/15 5:15 p.m. | 61 views

CVE-2019-13221

A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

7.8 CVSS | 8 AI score | 0.00295 EPSS

added 2019/09/11 7:15 p.m. | 61 views

CVE-2019-16236

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.

7.5 CVSS | 7.3 AI score | 0.00779 EPSS

added 2021/06/01 7:15 p.m. | 61 views

CVE-2020-22035

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.

8.8 CVSS | 9.2 AI score | 0.0057 EPSS

added 2022/04/18 5:15 p.m. | 61 views

CVE-2020-28607

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10 CVSS | 9.2 AI score | 0.00299 EPSS

Total number of security vulnerabilities: 9127