Debian Linux

9127 matches found

added 2024/05/05 8:15 p.m., 59 views

CVE-2024-34508

dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

CVSS 4.3, AI score 6.8, EPSS 0.00058

added 2025/05/02 9:15 p.m., 59 views

CVE-2025-4215

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch...

CVSS 3.7, AI score 4, EPSS 0.00231

added 2001/01/22 5:0 a.m., 58 views

CVE-2000-0867

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

CVSS 7.2, AI score 6.5, EPSS 0.00071

added 2004/09/28 4:0 a.m., 58 views

CVE-2004-0689

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

CVSS 7.1, AI score 6.7, EPSS 0.00029

added 2005/01/10 5:0 a.m., 58 views

CVE-2004-1095

Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c, (7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calcul...

CVSS 10, AI score 7.5, EPSS 0.20999

added 2005/10/27 10:2 a.m., 58 views

CVE-2005-3323

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.

CVSS 7.5, AI score 6.4, EPSS 0.02297

added 2006/02/18 9:2 p.m., 58 views

CVE-2006-0042

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

CVSS 5, AI score 6.2, EPSS 0.07081

added 2007/05/14 9:19 p.m., 58 views

CVE-2007-2650

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

CVSS 4.3, AI score 6.1, EPSS 0.03795

added 2019/11/26 12:15 a.m., 58 views

CVE-2011-3596

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

CVSS 7.5, AI score 7.3, EPSS 0.13877

added 2013/03/07 3:55 p.m., 58 views

CVE-2013-2484

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

CVSS 3.3, AI score 6.3, EPSS 0.01423

added 2013/06/09 9:55 p.m., 58 views

CVE-2013-4077

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.

CVSS 5, AI score 6.2, EPSS 0.01061

added 2019/12/11 1:15 p.m., 58 views

CVE-2013-4158

smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)

CVSS 6.1, AI score 5.8, EPSS 0.00631

added 2019/11/05 3:15 p.m., 58 views

CVE-2013-6460

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

CVSS 6.5, AI score 6.4, EPSS 0.02521

added 2015/01/21 6:59 p.m., 58 views

CVE-2013-6892

WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.

CVSS 3.5, AI score 6, EPSS 0.0017

added 2019/12/11 2:15 p.m., 58 views

CVE-2013-7370

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

CVSS 6.1, AI score 5.7, EPSS 0.01082

added 2014/11/06 3:55 p.m., 58 views

CVE-2014-8483

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

CVSS 5, AI score 6.2, EPSS 0.02722

added 2014/12/10 3:59 p.m., 58 views

CVE-2014-8601

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.

CVSS 5, AI score 6.4, EPSS 0.00887

added 2014/11/24 3:59 p.m., 58 views

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

CVSS 7.1, AI score 6.2, EPSS 0.0232

added 2015/12/03 8:59 p.m., 58 views

CVE-2015-0859

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.

CVSS 7.5, AI score 7.7, EPSS 0.01323

added 2018/01/08 7:29 p.m., 58 views

CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

CVSS 9.8, AI score 8.5, EPSS 0.04829

added 2015/05/08 2:59 p.m., 58 views

CVE-2015-3012

Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.

CVSS 4.3, AI score 5.5, EPSS 0.00455

added 2016/04/12 2:59 p.m., 58 views

CVE-2015-8474

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter,...

CVSS 7.4, AI score 7, EPSS 0.01817

added 2016/04/13 4:59 p.m., 58 views

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.

CVSS 7.5, AI score 8.2, EPSS 0.67997

added 2016/04/13 4:59 p.m., 58 views

CVE-2016-2057

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

CVSS 3.3, AI score 6.1, EPSS 0.00099

added 2016/05/09 8:59 p.m., 58 views

CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

CVSS 8.8, AI score 8.6, EPSS 0.01173

added 2017/11/16 5:29 p.m., 58 views

CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity p...

CVSS 8.1, AI score 7.8, EPSS 0.00694

added 2018/04/24 7:29 p.m., 58 views

CVE-2017-2907

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicat...

CVSS 8.8, AI score 7.7, EPSS 0.01064

added 2017/11/15 8:29 a.m., 58 views

CVE-2017-8814

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

CVSS 7.5, AI score 8.2, EPSS 0.00794

added 2017/06/26 7:29 a.m., 58 views

CVE-2017-9928

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

CVSS 5.5, AI score 6, EPSS 0.00421

added 2018/05/24 1:29 p.m., 58 views

CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

CVSS 5.5, AI score 5.5, EPSS 0.00262

added 2018/09/18 9:29 p.m., 58 views

CVE-2018-16515

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

CVSS 8.8, AI score 8.8, EPSS 0.00569

added 2018/01/27 9:29 p.m., 58 views

CVE-2018-6358

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.

CVSS 8.8, AI score 8.2, EPSS 0.0058

added 2018/08/29 1:29 p.m., 58 views

CVE-2018-8005

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgra...

CVSS 5.3, AI score 6, EPSS 0.05876

added 2019/07/30 1:15 p.m., 58 views

CVE-2019-14442

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.

CVSS 7.1, AI score 6.2, EPSS 0.00222

added 2021/09/01 3:15 p.m., 58 views

CVE-2021-36064

XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS 9.3, AI score 7.6, EPSS 0.00852

added 2021/11/03 4:15 p.m., 58 views

CVE-2021-37148

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

CVSS 7.5, AI score 7.4, EPSS 0.00797

added 2022/01/12 9:15 p.m., 58 views

CVE-2021-37530

A denial of service vulnerability exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

CVSS 5.5, AI score 5.3, EPSS 0.00389

added 2021/12/28 1:15 a.m., 58 views

CVE-2021-45911

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

CVSS 7.8, AI score 7.6, EPSS 0.00161

added 2022/09/15 3:15 p.m., 58 views

CVE-2022-38861

The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c.

CVSS 5.5, AI score 5.7, EPSS 0.0004

added 2022/10/13 3:15 a.m., 58 views

CVE-2022-42902

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.

CVSS 8.8, AI score 8.7, EPSS 0.00298

added 2023/03/01 3:15 p.m., 58 views

CVE-2023-24756

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

CVSS 5.5, AI score 5.4, EPSS 0.00022

added 2000/01/18 5:0 a.m., 57 views

CVE-1999-0742

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

CVSS 5, AI score 7.2, EPSS 0.00636

added 2000/01/04 5:0 a.m., 57 views

CVE-1999-0986

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

CVSS 5, AI score 6.7, EPSS 0.01424

added 2001/05/07 4:0 a.m., 57 views

CVE-2000-0314

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

CVSS 5, AI score 6.7, EPSS 0.00315

added 2005/04/21 4:0 a.m., 57 views

CVE-2000-1221

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modi...

CVSS 10, AI score 6.7, EPSS 0.1218

added 2002/06/25 4:0 a.m., 57 views

CVE-2001-0977

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

CVSS 5, AI score 6.5, EPSS 0.02956

added 2005/02/09 5:0 a.m., 57 views

CVE-2004-0980

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.

CVSS 10, AI score 7, EPSS 0.01578

added 2005/04/14 4:0 a.m., 57 views

CVE-2004-1004

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

CVSS 7.5, AI score 6.5, EPSS 0.00949

added 2004/12/31 5:0 a.m., 57 views

CVE-2004-1139

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

CVSS 5, AI score 6.2, EPSS 0.06148

added 2005/04/14 4:0 a.m., 57 views

CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

CVSS 5, AI score 6.1, EPSS 0.01138

Total number of security vulnerabilities: 9127