Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2018/05/24 1:29 p.m.58 views

CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

5.5CVSS5.5AI score0.00262EPSS
CVE
CVE
added 2018/09/18 9:29 p.m.58 views

CVE-2018-16515

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

8.8CVSS8.8AI score0.00569EPSS
CVE
CVE
added 2018/11/11 5:29 a.m.58 views

CVE-2018-19143

Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.

6.5CVSS6.1AI score0.00126EPSS
CVE
CVE
added 2018/04/24 7:29 p.m.58 views

CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes...

7.8CVSS7.8AI score0.00091EPSS
CVE
CVE
added 2018/01/27 9:29 p.m.58 views

CVE-2018-6358

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.

8.8CVSS8.2AI score0.0058EPSS
CVE
CVE
added 2018/08/29 1:29 p.m.58 views

CVE-2018-8005

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgra...

5.3CVSS6AI score0.04722EPSS
CVE
CVE
added 2019/07/30 7:15 p.m.58 views

CVE-2019-14380

libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files.

6.5CVSS6.4AI score0.00294EPSS
CVE
CVE
added 2019/07/30 1:15 p.m.58 views

CVE-2019-14442

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.

7.1CVSS6.2AI score0.00222EPSS
Web
CVE
CVE
added 2020/03/24 9:15 p.m.58 views

CVE-2020-6080

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker ca...

7.5CVSS8.2AI score0.01082EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.58 views

CVE-2021-21836

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buf...

8.8CVSS8.6AI score0.00251EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.58 views

CVE-2021-21854

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00519EPSS
CVE
CVE
added 2021/11/03 4:15 p.m.58 views

CVE-2021-37148

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

7.5CVSS7.4AI score0.00797EPSS
CVE
CVE
added 2022/01/12 9:15 p.m.58 views

CVE-2021-37530

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

5.5CVSS5.3AI score0.0027EPSS
CVE
CVE
added 2021/12/28 1:15 a.m.58 views

CVE-2021-45911

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

7.8CVSS7.6AI score0.00161EPSS
CVE
CVE
added 2022/09/15 3:15 p.m.58 views

CVE-2022-38861

The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c.

5.5CVSS5.7AI score0.0004EPSS
CVE
CVE
added 2022/10/13 3:15 a.m.58 views

CVE-2022-42902

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.

8.8CVSS8.7AI score0.00374EPSS
CVE
CVE
added 2022/11/18 9:15 p.m.58 views

CVE-2022-44641

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

6.5CVSS6.2AI score0.00148EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.58 views

CVE-2023-24756

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00028EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.57 views

CVE-1999-0434

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

7.5CVSS7.1AI score0.00429EPSS
CVE
CVE
added 2000/01/18 5:0 a.m.57 views

CVE-1999-0742

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

5CVSS7.2AI score0.00636EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.57 views

CVE-1999-0986

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

5CVSS6.7AI score0.01424EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.57 views

CVE-2000-0229

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

7.2CVSS6.5AI score0.00113EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.57 views

CVE-2000-0314

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

5CVSS6.7AI score0.00315EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.57 views

CVE-2001-0977

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

5CVSS6.5AI score0.02956EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.57 views

CVE-2004-0980

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.

10CVSS7AI score0.01578EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.57 views

CVE-2004-1004

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

7.5CVSS6.5AI score0.00949EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.57 views

CVE-2004-1142

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

5CVSS6.2AI score0.08831EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.57 views

CVE-2004-1145

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary fi...

5CVSS6.8AI score0.06715EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.57 views

CVE-2004-1174

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

5CVSS6.1AI score0.01138EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.57 views

CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

4.7CVSS4.4AI score0.00075EPSS
CVE
CVE
added 2008/09/11 1:13 a.m.57 views

CVE-2008-3913

Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".

5CVSS6AI score0.03698EPSS
CVE
CVE
added 2009/07/01 1:0 p.m.57 views

CVE-2009-2287

The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL p...

4.9CVSS6.8AI score0.0006EPSS
CVE
CVE
added 2010/01/08 5:30 p.m.57 views

CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

8.8CVSS8.3AI score0.00297EPSS
Web
CVE
CVE
added 2019/11/13 9:15 p.m.57 views

CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

7.8CVSS7.3AI score0.00152EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.57 views

CVE-2011-1490

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message be...

5.5CVSS5.3AI score0.00153EPSS
CVE
CVE
added 2019/11/15 5:15 p.m.57 views

CVE-2011-2910

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.

7.2CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2012/08/07 7:55 p.m.57 views

CVE-2012-2317

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty s...

4.3CVSS7.2AI score0.0039EPSS
CVE
CVE
added 2012/09/05 11:55 p.m.57 views

CVE-2012-3509

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the le...

5CVSS8.8AI score0.01748EPSS
CVE
CVE
added 2019/11/25 2:15 p.m.57 views

CVE-2012-5521

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

6.5CVSS6.4AI score0.00331EPSS
CVE
CVE
added 2019/12/10 3:15 p.m.57 views

CVE-2013-4133

kde-workspace before 4.10.5 has a memory leak in plasma desktop

7.8CVSS7.3AI score0.01993EPSS
CVE
CVE
added 2019/12/11 2:15 p.m.57 views

CVE-2013-4245

Orca has arbitrary code execution due to insecure Python module load

7.3CVSS7.5AI score0.00153EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.57 views

CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

4.4CVSS6.2AI score0.00115EPSS
CVE
CVE
added 2019/12/13 1:15 p.m.57 views

CVE-2014-0175

mcollective has a default password set at install

9.8CVSS9.5AI score0.00601EPSS
CVE
CVE
added 2014/04/09 10:56 a.m.57 views

CVE-2014-1716

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

7.5CVSS4.7AI score0.01068EPSS
CVE
CVE
added 2019/11/21 3:15 p.m.57 views

CVE-2014-1936

rc before 1.7.1-5 insecurely creates temporary files.

7.5CVSS7.5AI score0.00433EPSS
CVE
CVE
added 2014/11/28 3:59 p.m.57 views

CVE-2014-9089

Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

7.5CVSS6.7AI score0.00544EPSS
CVE
CVE
added 2015/03/09 2:59 p.m.57 views

CVE-2014-9472

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

7.1CVSS8AI score0.00875EPSS
CVE
CVE
added 2015/06/22 7:59 p.m.57 views

CVE-2015-3232

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.

5.8CVSS6.4AI score0.00387EPSS
CVE
CVE
added 2015/05/14 2:59 p.m.57 views

CVE-2015-3427

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

7.5CVSS7.4AI score0.00671EPSS
CVE
CVE
added 2015/08/24 2:59 p.m.57 views

CVE-2015-6496

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.

5CVSS6.3AI score0.02789EPSS
Total number of security vulnerabilities9134