Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2018/09/28 12:29 a.m.60 views

CVE-2018-16586

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.

4.3CVSS5.2AI score0.00583EPSS
CVE
CVE
added 2018/09/12 1:29 a.m.60 views

CVE-2018-16947

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, includ...

9.8CVSS9.5AI score0.01565EPSS
CVE
CVE
added 2018/12/17 7:29 p.m.60 views

CVE-2018-20185

In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.

5.3CVSS5.2AI score0.00896EPSS
CVE
CVE
added 2018/12/24 5:29 a.m.60 views

CVE-2018-20431

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.

6.5CVSS6.4AI score0.00606EPSS
CVE
CVE
added 2018/03/07 11:29 p.m.60 views

CVE-2018-7752

GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

7.8CVSS7.5AI score0.00213EPSS
CVE
CVE
added 2018/04/10 7:29 p.m.60 views

CVE-2018-9988

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

7.5CVSS7.4AI score0.00564EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.60 views

CVE-2019-13222

An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

7.1CVSS6.7AI score0.00141EPSS
CVE
CVE
added 2019/09/25 8:15 p.m.60 views

CVE-2019-15941

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the ta...

9.8CVSS9AI score0.00548EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.60 views

CVE-2020-28608

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00383EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.60 views

CVE-2020-28630

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00383EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.60 views

CVE-2020-28634

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00544EPSS
CVE
CVE
added 2021/08/23 2:15 a.m.60 views

CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

7.5CVSS7.3AI score0.0024EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.60 views

CVE-2021-21853

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00311EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.60 views

CVE-2021-21858

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00311EPSS
CVE
CVE
added 2022/08/26 4:15 p.m.60 views

CVE-2021-3735

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the ...

4.4CVSS4.2AI score0.0013EPSS
CVE
CVE
added 2021/11/03 5:15 p.m.60 views

CVE-2021-40985

A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.

5.5CVSS5.6AI score0.00095EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.60 views

CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger t...

9.1CVSS8.9AI score0.0013EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.60 views

CVE-2023-24751

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

6.5CVSS6AI score0.00256EPSS
CVE
CVE
added 2023/10/09 5:15 a.m.60 views

CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and con...

7.5CVSS7.1AI score0.09034EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.59 views

CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

2.1CVSS6.9AI score0.00117EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.59 views

CVE-2001-0125

exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

1.2CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.59 views

CVE-2001-0136

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

5CVSS6.8AI score0.02287EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.59 views

CVE-2005-0078

The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

4.6CVSS6AI score0.00077EPSS
CVE
CVE
added 2005/07/06 4:0 a.m.59 views

CVE-2005-1916

linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

5.5CVSS5.5AI score0.00042EPSS
CVE
CVE
added 2007/11/30 1:46 a.m.59 views

CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

6.5CVSS7.6AI score0.00369EPSS
Web
CVE
CVE
added 2008/01/12 2:46 a.m.59 views

CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

5CVSS5.9AI score0.05559EPSS
CVE
CVE
added 2012/01/08 11:55 a.m.59 views

CVE-2011-4360

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

5CVSS6.4AI score0.0074EPSS
CVE
CVE
added 2019/12/05 9:15 p.m.59 views

CVE-2012-1114

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

6.1CVSS5.7AI score0.0084EPSS
CVE
CVE
added 2019/11/20 3:15 p.m.59 views

CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

5.5CVSS5.4AI score0.00026EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.59 views

CVE-2013-2481

Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via ...

2.9CVSS6.3AI score0.01198EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.59 views

CVE-2013-2487

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) diss...

7.8CVSS5.4AI score0.03557EPSS
CVE
CVE
added 2019/11/15 3:15 p.m.59 views

CVE-2013-7087

ClamAV before 0.97.7 has WWPack corrupt heap memory

9.8CVSS9.4AI score0.0038EPSS
CVE
CVE
added 2014/03/18 5:3 p.m.59 views

CVE-2014-1608

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

7.5CVSS6.8AI score0.00605EPSS
Web
CVE
CVE
added 2017/06/06 6:29 p.m.59 views

CVE-2015-1207

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

6.5CVSS7.3AI score0.00464EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.59 views

CVE-2016-4478

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

7.5CVSS7.3AI score0.00589EPSS
CVE
CVE
added 2017/07/29 5:29 a.m.59 views

CVE-2017-11733

A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

5.5CVSS6.1AI score0.00318EPSS
CVE
CVE
added 2017/10/18 2:29 a.m.59 views

CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.

7.5CVSS7.8AI score0.00537EPSS
CVE
CVE
added 2018/02/02 3:29 p.m.59 views

CVE-2017-18121

The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.

6.1CVSS6.3AI score0.00355EPSS
CVE
CVE
added 2018/09/12 1:29 a.m.59 views

CVE-2018-16948

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB ...

7.5CVSS8.1AI score0.00376EPSS
CVE
CVE
added 2018/12/24 5:29 a.m.59 views

CVE-2018-20430

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.

6.5CVSS6.3AI score0.00604EPSS
CVE
CVE
added 2018/01/17 7:29 p.m.59 views

CVE-2018-5747

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

5.5CVSS5.8AI score0.00236EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.59 views

CVE-2018-7875

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

6.5CVSS7.1AI score0.00571EPSS
CVE
CVE
added 2018/04/10 7:29 p.m.59 views

CVE-2018-9989

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

7.5CVSS7.4AI score0.00564EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.59 views

CVE-2020-28626

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.0032EPSS
CVE
CVE
added 2020/03/23 9:15 p.m.59 views

CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process doe...

6.5CVSS6.3AI score0.03897EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.59 views

CVE-2021-21841

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resultin...

8.8CVSS8.6AI score0.00251EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.59 views

CVE-2021-21850

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arit...

8.8CVSS8.6AI score0.00251EPSS
CVE
CVE
added 2022/08/10 6:15 a.m.59 views

CVE-2021-37150

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00273EPSS
CVE
CVE
added 2022/09/15 3:15 p.m.59 views

CVE-2022-38858

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00044EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.59 views

CVE-2022-43596

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.

5.9CVSS6.8AI score0.00175EPSS
Total number of security vulnerabilities9127