Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2005/05/02 4:0 a.m.57 views

CVE-2005-0077

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

2.1CVSS6AI score0.00074EPSS
CVE
CVE
added 2008/08/08 7:41 p.m.57 views

CVE-2008-3534

The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to al...

4.9CVSS4.9AI score0.00046EPSS
CVE
CVE
added 2008/09/11 1:13 a.m.57 views

CVE-2008-3913

Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".

5CVSS6AI score0.03698EPSS
CVE
CVE
added 2009/07/01 1:0 p.m.57 views

CVE-2009-2287

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL p...

4.9CVSS6.8AI score0.00064EPSS
CVE
CVE
added 2019/10/29 7:15 p.m.57 views

CVE-2009-3723

asterisk allows calls on prohibited networks

7.5CVSS7.5AI score0.00653EPSS
CVE
CVE
added 2010/01/08 5:30 p.m.57 views

CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

8.8CVSS8.3AI score0.00297EPSS
Web
CVE
CVE
added 2019/11/12 10:15 p.m.57 views

CVE-2010-3844

An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.

8.8CVSS8.7AI score0.00527EPSS
CVE
CVE
added 2019/11/13 9:15 p.m.57 views

CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

7.8CVSS7.3AI score0.00152EPSS
CVE
CVE
added 2012/08/07 7:55 p.m.57 views

CVE-2012-2317

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty s...

4.3CVSS7.2AI score0.0039EPSS
CVE
CVE
added 2012/09/05 11:55 p.m.57 views

CVE-2012-3509

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the le...

5CVSS8.8AI score0.01748EPSS
CVE
CVE
added 2012/07/25 10:42 a.m.57 views

CVE-2012-3954

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

3.3CVSS6.3AI score0.06481EPSS
CVE
CVE
added 2019/11/25 2:15 p.m.57 views

CVE-2012-5521

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

6.5CVSS6.4AI score0.00331EPSS
CVE
CVE
added 2013/06/09 9:55 p.m.57 views

CVE-2013-4076

Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5CVSS6.5AI score0.01047EPSS
CVE
CVE
added 2019/12/10 3:15 p.m.57 views

CVE-2013-4133

kde-workspace before 4.10.5 has a memory leak in plasma desktop

7.8CVSS7.3AI score0.01993EPSS
CVE
CVE
added 2019/12/11 2:15 p.m.57 views

CVE-2013-4245

Orca has arbitrary code execution due to insecure Python module load

7.3CVSS7.5AI score0.00153EPSS
CVE
CVE
added 2013/12/07 8:55 p.m.57 views

CVE-2013-6410

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

7.5CVSS6.2AI score0.0032EPSS
CVE
CVE
added 2014/04/09 10:56 a.m.57 views

CVE-2014-1716

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

7.5CVSS4.7AI score0.01068EPSS
CVE
CVE
added 2014/11/28 3:59 p.m.57 views

CVE-2014-9089

Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

7.5CVSS6.7AI score0.00544EPSS
CVE
CVE
added 2015/03/09 2:59 p.m.57 views

CVE-2014-9472

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

7.1CVSS8AI score0.00875EPSS
CVE
CVE
added 2016/05/06 5:59 p.m.57 views

CVE-2015-0858

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

3.3CVSS5.9AI score0.0004EPSS
CVE
CVE
added 2015/02/28 2:59 a.m.57 views

CVE-2015-0885

checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

5CVSS6.3AI score0.00887EPSS
CVE
CVE
added 2015/06/22 7:59 p.m.57 views

CVE-2015-3232

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.

5.8CVSS6.4AI score0.00387EPSS
CVE
CVE
added 2015/05/14 2:59 p.m.57 views

CVE-2015-3427

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

7.5CVSS7.4AI score0.00671EPSS
CVE
CVE
added 2015/08/24 2:59 p.m.57 views

CVE-2015-6496

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.

5CVSS6.3AI score0.02789EPSS
CVE
CVE
added 2016/06/07 2:6 p.m.57 views

CVE-2015-7695

The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.

9.8CVSS9.6AI score0.01232EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.57 views

CVE-2017-0362

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

8.8CVSS8.6AI score0.00178EPSS
CVE
CVE
added 2017/09/01 9:29 p.m.57 views

CVE-2017-12872

The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.

5.9CVSS5.9AI score0.00404EPSS
CVE
CVE
added 2017/08/29 10:29 p.m.57 views

CVE-2017-13755

In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.

5.5CVSS5.4AI score0.00285EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.57 views

CVE-2017-17845

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.

7.5CVSS7.2AI score0.00508EPSS
CVE
CVE
added 2017/09/13 6:29 p.m.57 views

CVE-2017-2816

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.

8.8CVSS8.6AI score0.00747EPSS
CVE
CVE
added 2017/02/24 4:59 a.m.57 views

CVE-2017-6310

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

7.8CVSS7.5AI score0.00353EPSS
CVE
CVE
added 2018/05/20 8:29 p.m.57 views

CVE-2018-11319

Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to...

8.5CVSS7.6AI score0.01633EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.57 views

CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes...

7.8CVSS7.8AI score0.00091EPSS
CVE
CVE
added 2018/01/25 10:29 p.m.57 views

CVE-2018-6315

The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.

8.8CVSS8.3AI score0.00725EPSS
CVE
CVE
added 2018/02/02 1:29 a.m.57 views

CVE-2018-6521

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.

9.8CVSS9.1AI score0.00585EPSS
CVE
CVE
added 2018/03/14 12:29 a.m.57 views

CVE-2018-8098

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.

6.5CVSS5.7AI score0.00741EPSS
CVE
CVE
added 2018/03/14 12:29 a.m.57 views

CVE-2018-8099

Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.

6.5CVSS5.8AI score0.00945EPSS
CVE
CVE
added 2018/04/03 10:29 p.m.57 views

CVE-2018-9240

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

7.5CVSS7.2AI score0.00436EPSS
CVE
CVE
added 2019/07/30 7:15 p.m.57 views

CVE-2019-14380

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.

6.5CVSS6.4AI score0.00294EPSS
CVE
CVE
added 2020/11/30 7:15 p.m.57 views

CVE-2020-29394

A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).

7.8CVSS8.1AI score0.00596EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.57 views

CVE-2020-35631

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00299EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.57 views

CVE-2020-36421

An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.

5.3CVSS6.9AI score0.0019EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.57 views

CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

4.7CVSS5.4AI score0.00085EPSS
CVE
CVE
added 2020/03/24 9:15 p.m.57 views

CVE-2020-6080

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker ca...

7.5CVSS8.2AI score0.01082EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.57 views

CVE-2021-21836

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buf...

8.8CVSS8.6AI score0.00251EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.57 views

CVE-2021-21854

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00311EPSS
CVE
CVE
added 2021/04/28 7:15 a.m.57 views

CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.

5.3CVSS5.4AI score0.00217EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.57 views

CVE-2021-36047

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

9.3CVSS7.5AI score0.00879EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.57 views

CVE-2021-36054

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

5.5CVSS4.7AI score0.00245EPSS
CVE
CVE
added 2022/11/02 2:15 p.m.57 views

CVE-2022-43235

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

6.5CVSS7.3AI score0.00115EPSS
Total number of security vulnerabilities9127