Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2022/11/18 9:15 p.m.57 views

CVE-2022-44641

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

6.5CVSS6.2AI score0.00106EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.56 views

CVE-1999-0434

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

7.5CVSS7.1AI score0.00429EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.56 views

CVE-2000-0229

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

7.2CVSS6.5AI score0.00113EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.56 views

CVE-2001-0170

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

2.1CVSS6.8AI score0.00261EPSS
CVE
CVE
added 2003/07/02 4:0 a.m.56 views

CVE-2003-0367

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

2.1CVSS6AI score0.00141EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.56 views

CVE-2004-1076

Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.

7.2CVSS7.3AI score0.00098EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.56 views

CVE-2004-1142

Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

5CVSS6.2AI score0.08831EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.56 views

CVE-2004-1145

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary fi...

5CVSS6.8AI score0.06715EPSS
CVE
CVE
added 2005/10/24 10:2 a.m.56 views

CVE-2005-3302

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

7.5CVSS7.3AI score0.04914EPSS
CVE
CVE
added 2007/10/30 10:46 p.m.56 views

CVE-2007-5730

Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "N...

7.2CVSS7.2AI score0.00139EPSS
CVE
CVE
added 2008/07/25 4:41 p.m.56 views

CVE-2008-3325

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

6CVSS7.6AI score0.00397EPSS
CVE
CVE
added 2009/02/13 1:30 a.m.56 views

CVE-2008-6124

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

7.5CVSS8.3AI score0.0042EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.56 views

CVE-2011-0779

Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

5CVSS6.1AI score0.01479EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.56 views

CVE-2011-1400

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute ...

6.8CVSS7.5AI score0.02148EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.56 views

CVE-2011-1490

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message be...

5.5CVSS5.3AI score0.00153EPSS
CVE
CVE
added 2011/09/23 10:55 a.m.56 views

CVE-2011-2766

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

7.5CVSS6.7AI score0.00261EPSS
CVE
CVE
added 2019/11/15 5:15 p.m.56 views

CVE-2011-2910

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.

7.2CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2019/11/14 4:15 p.m.56 views

CVE-2012-1155

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

7.5CVSS7.4AI score0.01269EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.56 views

CVE-2013-3562

Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.0344EPSS
CVE
CVE
added 2013/09/16 7:14 p.m.56 views

CVE-2013-4234

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.

6.8CVSS7.8AI score0.03086EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.56 views

CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

4.4CVSS6.2AI score0.00115EPSS
CVE
CVE
added 2015/01/09 6:59 p.m.56 views

CVE-2014-9272

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

4.3CVSS5.2AI score0.00442EPSS
CVE
CVE
added 2019/11/25 4:15 p.m.56 views

CVE-2015-1396

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

7.5CVSS6.2AI score0.03663EPSS
CVE
CVE
added 2015/03/31 2:59 p.m.56 views

CVE-2015-2684

Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.

4CVSS6AI score0.00455EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.56 views

CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.

7.5CVSS8AI score0.00869EPSS
CVE
CVE
added 2018/10/01 8:29 a.m.56 views

CVE-2015-9268

Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.

9.3CVSS7.4AI score0.00569EPSS
CVE
CVE
added 2016/05/11 9:59 p.m.56 views

CVE-2016-1236

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.

6.1CVSS5.9AI score0.00294EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.56 views

CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

7.5CVSS8.1AI score0.0169EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.56 views

CVE-2016-4571

The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

7.1CVSS5.5AI score0.00808EPSS
CVE
CVE
added 2017/09/03 8:29 p.m.56 views

CVE-2017-14122

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

9.1CVSS9.1AI score0.00569EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.56 views

CVE-2017-17847

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment ...

7.5CVSS7.2AI score0.00291EPSS
CVE
CVE
added 2017/11/20 10:29 p.m.56 views

CVE-2017-2919

An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability

8.8CVSS8.1AI score0.01299EPSS
Web
CVE
CVE
added 2017/03/18 8:59 p.m.56 views

CVE-2017-7178

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its init .py file and (2) causing the victim to download, install, and enable this plugin.

8.8CVSS8.3AI score0.01226EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.56 views

CVE-2017-8820

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-20...

7.5CVSS7.3AI score0.00816EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.56 views

CVE-2017-8823

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.

8.1CVSS7.8AI score0.00674EPSS
CVE
CVE
added 2018/05/08 12:29 p.m.56 views

CVE-2018-10380

kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

7.8CVSS7.1AI score0.00018EPSS
CVE
CVE
added 2018/08/04 1:29 a.m.56 views

CVE-2018-14593

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.

8.8CVSS8.5AI score0.00681EPSS
CVE
CVE
added 2018/11/11 5:29 a.m.56 views

CVE-2018-19143

Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.

6.5CVSS6.1AI score0.00126EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.56 views

CVE-2018-7439

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.

8.8CVSS8.5AI score0.0106EPSS
CVE
CVE
added 2020/04/15 4:15 p.m.56 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session.

7.5CVSS7.3AI score0.0045EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.56 views

CVE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.

5.3CVSS5.4AI score0.0045EPSS
CVE
CVE
added 2022/01/19 9:15 p.m.56 views

CVE-2021-23225

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

5.4CVSS5.5AI score0.00651EPSS
CVE
CVE
added 2021/02/18 5:15 p.m.56 views

CVE-2021-27379

An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct....

7.8CVSS8.1AI score0.0007EPSS
CVE
CVE
added 2021/04/28 7:15 a.m.56 views

CVE-2021-31863

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

7.5CVSS7.2AI score0.0079EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.56 views

CVE-2021-36057

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of th...

4CVSS3.7AI score0.00062EPSS
CVE
CVE
added 2021/08/23 1:15 p.m.56 views

CVE-2021-3694

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS8.8AI score0.00625EPSS
CVE
CVE
added 2021/08/23 1:15 p.m.56 views

CVE-2021-3731

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

5.9CVSS5.9AI score0.00284EPSS
CVE
CVE
added 2022/01/12 9:15 p.m.56 views

CVE-2021-37529

A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

5.5CVSS5.4AI score0.00389EPSS
CVE
CVE
added 2023/06/14 8:15 a.m.56 views

CVE-2022-47184

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.

7.5CVSS7.3AI score0.00157EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.55 views

CVE-1999-0769

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

7.2CVSS6.9AI score0.00148EPSS
Total number of security vulnerabilities9127