Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2012/01/08 11:55 a.m.59 views

CVE-2011-4360

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

5CVSS6.4AI score0.0074EPSS
CVE
CVE
added 2019/12/05 9:15 p.m.59 views

CVE-2012-1114

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

6.1CVSS5.7AI score0.0084EPSS
CVE
CVE
added 2019/11/20 3:15 p.m.59 views

CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

5.5CVSS5.4AI score0.00026EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.59 views

CVE-2013-2481

Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via ...

2.9CVSS6.3AI score0.01198EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.59 views

CVE-2013-2484

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3CVSS6.3AI score0.01423EPSS
CVE
CVE
added 2013/06/09 9:55 p.m.59 views

CVE-2013-4077

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.

5CVSS6.2AI score0.01061EPSS
CVE
CVE
added 2014/03/18 5:3 p.m.59 views

CVE-2014-1608

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

7.5CVSS6.8AI score0.00605EPSS
Web
CVE
CVE
added 2014/11/06 3:55 p.m.59 views

CVE-2014-8483

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

5CVSS6.2AI score0.02722EPSS
CVE
CVE
added 2014/12/10 3:59 p.m.59 views

CVE-2014-8601

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.

5CVSS6.4AI score0.00887EPSS
CVE
CVE
added 2015/02/28 2:59 a.m.59 views

CVE-2015-0885

checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

5CVSS6.3AI score0.00887EPSS
CVE
CVE
added 2018/01/08 7:29 p.m.59 views

CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

9.8CVSS8.5AI score0.04829EPSS
CVE
CVE
added 2016/04/12 2:59 p.m.59 views

CVE-2015-8474

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter,...

7.4CVSS7AI score0.01817EPSS
CVE
CVE
added 2016/05/09 8:59 p.m.59 views

CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

8.8CVSS8.6AI score0.01173EPSS
CVE
CVE
added 2017/07/29 5:29 a.m.59 views

CVE-2017-11733

A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

5.5CVSS6.1AI score0.00318EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.59 views

CVE-2017-2907

An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the applicat...

8.8CVSS7.7AI score0.01064EPSS
CVE
CVE
added 2017/11/15 8:29 a.m.59 views

CVE-2017-8814

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."

7.5CVSS8.2AI score0.00794EPSS
CVE
CVE
added 2018/09/12 1:29 a.m.59 views

CVE-2018-16948

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB ...

7.5CVSS8.1AI score0.00376EPSS
CVE
CVE
added 2018/01/17 7:29 p.m.59 views

CVE-2018-5747

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

5.5CVSS5.8AI score0.00236EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.59 views

CVE-2018-7875

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

6.5CVSS7.1AI score0.00571EPSS
CVE
CVE
added 2018/03/14 12:29 a.m.59 views

CVE-2018-8098

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.

6.5CVSS5.7AI score0.00741EPSS
CVE
CVE
added 2018/04/10 7:29 p.m.59 views

CVE-2018-9989

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

7.5CVSS7.4AI score0.00648EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.59 views

CVE-2020-28626

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00341EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.59 views

CVE-2021-21841

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resultin...

8.8CVSS8.6AI score0.00251EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.59 views

CVE-2021-21850

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arit...

8.8CVSS8.6AI score0.00418EPSS
CVE
CVE
added 2022/09/15 3:15 p.m.59 views

CVE-2022-38858

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

5.5CVSS5.5AI score0.00036EPSS
CVE
CVE
added 2024/05/05 8:15 p.m.59 views

CVE-2024-34508

dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.

4.3CVSS6.8AI score0.00058EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.58 views

CVE-2000-0867

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

7.2CVSS6.5AI score0.00071EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.58 views

CVE-2004-1139

Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

5CVSS6.2AI score0.06148EPSS
CVE
CVE
added 2005/10/27 10:2 a.m.58 views

CVE-2005-3323

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.

7.5CVSS6.4AI score0.02297EPSS
CVE
CVE
added 2007/05/14 9:19 p.m.58 views

CVE-2007-2650

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

4.3CVSS6.1AI score0.03795EPSS
CVE
CVE
added 2008/08/08 7:41 p.m.58 views

CVE-2008-3534

The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to al...

4.9CVSS4.9AI score0.00046EPSS
CVE
CVE
added 2019/10/29 7:15 p.m.58 views

CVE-2009-3723

asterisk allows calls on prohibited networks

7.5CVSS7.5AI score0.00653EPSS
CVE
CVE
added 2019/11/12 10:15 p.m.58 views

CVE-2010-3844

An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.

8.8CVSS8.7AI score0.00527EPSS
CVE
CVE
added 2019/11/26 12:15 a.m.58 views

CVE-2011-3596

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

7.5CVSS7.3AI score0.13877EPSS
CVE
CVE
added 2012/07/25 10:42 a.m.58 views

CVE-2012-3954

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

3.3CVSS6.3AI score0.06481EPSS
CVE
CVE
added 2013/06/09 9:55 p.m.58 views

CVE-2013-4076

Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5CVSS6.5AI score0.01047EPSS
CVE
CVE
added 2019/12/11 1:15 p.m.58 views

CVE-2013-4158

smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)

6.1CVSS5.8AI score0.00631EPSS
CVE
CVE
added 2013/12/07 8:55 p.m.58 views

CVE-2013-6410

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

7.5CVSS6.2AI score0.0032EPSS
CVE
CVE
added 2019/11/05 3:15 p.m.58 views

CVE-2013-6460

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

6.5CVSS6.4AI score0.02521EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.58 views

CVE-2013-6892

WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.

3.5CVSS6AI score0.0017EPSS
CVE
CVE
added 2019/12/11 2:15 p.m.58 views

CVE-2013-7370

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

6.1CVSS5.7AI score0.01082EPSS
CVE
CVE
added 2014/11/24 3:59 p.m.58 views

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

7.1CVSS6.2AI score0.0232EPSS
CVE
CVE
added 2016/05/06 5:59 p.m.58 views

CVE-2015-0858

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

3.3CVSS5.9AI score0.0004EPSS
CVE
CVE
added 2015/12/03 8:59 p.m.58 views

CVE-2015-0859

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.

7.5CVSS7.7AI score0.01323EPSS
CVE
CVE
added 2015/05/08 2:59 p.m.58 views

CVE-2015-3012

Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.

4.3CVSS5.5AI score0.00455EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.58 views

CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.

7.5CVSS8.2AI score0.67997EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.58 views

CVE-2016-2057

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

3.3CVSS6.1AI score0.00099EPSS
CVE
CVE
added 2017/09/01 9:29 p.m.58 views

CVE-2017-12872

The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.

5.9CVSS5.9AI score0.00404EPSS
CVE
CVE
added 2017/11/16 5:29 p.m.58 views

CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity p...

8.1CVSS7.8AI score0.00694EPSS
CVE
CVE
added 2017/06/26 7:29 a.m.58 views

CVE-2017-9928

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

5.5CVSS6AI score0.00421EPSS
Total number of security vulnerabilities9134