Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2010/11/06 12:0 a.m.60 views

CVE-2010-4199

Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

8.8CVSS9.2AI score0.0081EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.60 views

CVE-2013-2487

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) diss...

7.8CVSS5.4AI score0.03557EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.60 views

CVE-2013-2868

common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors.

5CVSS6.1AI score0.00384EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.60 views

CVE-2013-2903

Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a...

7.5CVSS7AI score0.00887EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.60 views

CVE-2013-3558

The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.03264EPSS
CVE
CVE
added 2019/11/15 3:15 p.m.60 views

CVE-2013-7087

ClamAV before 0.97.7 has WWPack corrupt heap memory

9.8CVSS9.4AI score0.0038EPSS
CVE
CVE
added 2019/11/21 2:15 p.m.60 views

CVE-2014-0083

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

5.5CVSS5.4AI score0.00066EPSS
CVE
CVE
added 2014/10/20 5:55 p.m.60 views

CVE-2014-5026

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delet...

3.5CVSS7.2AI score0.00347EPSS
CVE
CVE
added 2019/11/19 4:15 p.m.60 views

CVE-2014-5439

Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute ar...

9.3CVSS7.7AI score0.00422EPSS
CVE
CVE
added 2017/06/06 6:29 p.m.60 views

CVE-2015-1207

Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

6.5CVSS7.3AI score0.00464EPSS
CVE
CVE
added 2018/01/08 7:29 p.m.60 views

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.

8.1CVSS8.1AI score0.0129EPSS
CVE
CVE
added 2015/05/08 2:59 p.m.60 views

CVE-2015-3011

Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.

3.5CVSS5.2AI score0.00209EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.60 views

CVE-2016-4478

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.

7.5CVSS7.3AI score0.00589EPSS
CVE
CVE
added 2016/09/26 3:59 p.m.60 views

CVE-2016-7142

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

5.9CVSS5.4AI score0.00138EPSS
CVE
CVE
added 2017/09/03 8:29 p.m.60 views

CVE-2017-14121

The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.

5.5CVSS5.8AI score0.00389EPSS
CVE
CVE
added 2017/10/18 2:29 a.m.60 views

CVE-2017-15576

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.

7.5CVSS7.8AI score0.00537EPSS
CVE
CVE
added 2017/10/28 9:29 p.m.60 views

CVE-2017-15953

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.

5.5CVSS5.4AI score0.00266EPSS
CVE
CVE
added 2017/11/16 5:29 p.m.60 views

CVE-2017-16852

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity per...

8.1CVSS7.8AI score0.00315EPSS
CVE
CVE
added 2017/11/17 9:29 a.m.60 views

CVE-2017-16872

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted b...

9.8CVSS9.3AI score0.00865EPSS
CVE
CVE
added 2017/12/20 5:29 p.m.60 views

CVE-2017-17476

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

8.8CVSS8.4AI score0.00891EPSS
CVE
CVE
added 2018/02/02 3:29 p.m.60 views

CVE-2017-18121

The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.

6.1CVSS6.3AI score0.00355EPSS
CVE
CVE
added 2018/05/24 1:29 p.m.60 views

CVE-2018-1000037

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.

5.5CVSS5.3AI score0.00304EPSS
CVE
CVE
added 2018/07/17 3:29 p.m.60 views

CVE-2018-14347

GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).

6.5CVSS7.1AI score0.00566EPSS
CVE
CVE
added 2018/12/24 5:29 a.m.60 views

CVE-2018-20430

GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.

6.5CVSS6.3AI score0.00604EPSS
CVE
CVE
added 2018/12/24 5:29 a.m.60 views

CVE-2018-20431

GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.

6.5CVSS6.4AI score0.00606EPSS
CVE
CVE
added 2018/04/10 7:29 p.m.60 views

CVE-2018-9988

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

7.5CVSS7.4AI score0.00648EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.60 views

CVE-2019-13222

An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

7.1CVSS6.7AI score0.00141EPSS
CVE
CVE
added 2019/09/25 8:15 p.m.60 views

CVE-2019-15941

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the ta...

9.8CVSS9AI score0.00548EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.60 views

CVE-2020-28608

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00408EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.60 views

CVE-2020-28630

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00408EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.60 views

CVE-2020-28634

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.0058EPSS
CVE
CVE
added 2021/08/23 2:15 a.m.60 views

CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

7.5CVSS7.3AI score0.0024EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.60 views

CVE-2021-21853

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00519EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.60 views

CVE-2021-36064

XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

9.3CVSS7.6AI score0.00852EPSS
CVE
CVE
added 2022/08/10 6:15 a.m.60 views

CVE-2021-37150

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00205EPSS
CVE
CVE
added 2022/08/26 4:15 p.m.60 views

CVE-2021-3735

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the ...

4.4CVSS4.2AI score0.00124EPSS
CVE
CVE
added 2021/11/03 5:15 p.m.60 views

CVE-2021-40985

A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.

5.5CVSS5.6AI score0.00095EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.60 views

CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger t...

9.1CVSS8.9AI score0.00148EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.60 views

CVE-2022-43596

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.

5.9CVSS6.8AI score0.002EPSS
CVE
CVE
added 2025/05/02 9:15 p.m.60 views

CVE-2025-4215

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch...

3.7CVSS4AI score0.00231EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.59 views

CVE-2000-1221

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modi...

10CVSS6.7AI score0.1218EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.59 views

CVE-2001-0125

exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

1.2CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.59 views

CVE-2001-0136

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

5CVSS6.8AI score0.02287EPSS
CVE
CVE
added 2004/09/28 4:0 a.m.59 views

CVE-2004-0689

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

7.1CVSS6.7AI score0.00029EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.59 views

CVE-2004-1095

Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c,(7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calcul...

10CVSS7.5AI score0.20999EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.59 views

CVE-2005-0077

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

2.1CVSS6AI score0.00074EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.59 views

CVE-2005-0078

The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.

4.6CVSS6AI score0.00077EPSS
CVE
CVE
added 2005/07/06 4:0 a.m.59 views

CVE-2005-1916

linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

5.5CVSS5.5AI score0.00042EPSS
CVE
CVE
added 2006/02/18 9:2 p.m.59 views

CVE-2006-0042

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

5CVSS6.2AI score0.07081EPSS
CVE
CVE
added 2007/11/30 1:46 a.m.59 views

CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

6.5CVSS7.6AI score0.00309EPSS
Total number of security vulnerabilities9134