Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2018/10/01 8:29 a.m.56 views

CVE-2015-9268

Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.

9.3CVSS7.4AI score0.00569EPSS
CVE
CVE
added 2016/05/11 9:59 p.m.56 views

CVE-2016-1236

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.

6.1CVSS5.9AI score0.00294EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.56 views

CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

7.5CVSS8.1AI score0.0169EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.56 views

CVE-2016-4571

The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

7.1CVSS5.5AI score0.00808EPSS
CVE
CVE
added 2018/03/21 8:29 p.m.56 views

CVE-2017-0926

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

8.8CVSS7.7AI score0.0031EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.56 views

CVE-2017-17847

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment ...

7.5CVSS7.2AI score0.00291EPSS
CVE
CVE
added 2017/11/20 10:29 p.m.56 views

CVE-2017-2919

An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability

8.8CVSS8.1AI score0.01299EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.56 views

CVE-2017-8820

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-20...

7.5CVSS7.3AI score0.00816EPSS
CVE
CVE
added 2018/05/08 12:29 p.m.56 views

CVE-2018-10380

kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

7.8CVSS7.1AI score0.00018EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.56 views

CVE-2018-20761

GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

7.8CVSS7.5AI score0.00293EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.56 views

CVE-2019-13223

A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

5.5CVSS5.3AI score0.00098EPSS
CVE
CVE
added 2020/04/15 4:15 p.m.56 views

CVE-2020-11728

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session.

7.5CVSS7.3AI score0.0045EPSS
CVE
CVE
added 2021/04/28 7:15 a.m.56 views

CVE-2021-31863

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

7.5CVSS7.2AI score0.0079EPSS
CVE
CVE
added 2021/08/23 1:15 p.m.56 views

CVE-2021-3694

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS8.8AI score0.00625EPSS
CVE
CVE
added 2021/08/23 1:15 p.m.56 views

CVE-2021-3731

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

5.9CVSS5.9AI score0.00284EPSS
CVE
CVE
added 2022/01/12 9:15 p.m.56 views

CVE-2021-37529

A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

5.5CVSS5.4AI score0.0027EPSS
CVE
CVE
added 2022/08/10 6:15 a.m.56 views

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00163EPSS
CVE
CVE
added 2022/06/16 4:15 p.m.56 views

CVE-2022-31291

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.

7.5CVSS7.4AI score0.0002EPSS
CVE
CVE
added 2022/10/21 11:15 a.m.56 views

CVE-2022-3636

A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this...

7.8CVSS6.2AI score0.00016EPSS
CVE
CVE
added 2023/06/14 8:15 a.m.56 views

CVE-2022-47184

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.

7.5CVSS7.3AI score0.00157EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.56 views

CVE-2023-24755

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00028EPSS
CVE
CVE
added 2023/09/05 7:15 a.m.56 views

CVE-2023-41909

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

7.5CVSS8AI score0.00078EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.55 views

CVE-1999-0769

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

7.2CVSS6.9AI score0.00148EPSS
CVE
CVE
added 2000/04/25 4:0 a.m.55 views

CVE-2000-0112

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

7.2CVSS6.7AI score0.0006EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.55 views

CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5CVSS6.3AI score0.0106EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.55 views

CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5CVSS6.2AI score0.0106EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.55 views

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

7.5CVSS7.2AI score0.00949EPSS
CVE
CVE
added 2019/10/31 4:15 p.m.55 views

CVE-2010-2490

Mumble: murmur-server has DoS due to malformed client query

6.5CVSS6.4AI score0.00503EPSS
CVE
CVE
added 2019/11/12 8:15 p.m.55 views

CVE-2010-3439

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

6.5CVSS6.3AI score0.00568EPSS
CVE
CVE
added 2019/11/15 5:15 p.m.55 views

CVE-2011-0703

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.

9.8CVSS9.4AI score0.00432EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.55 views

CVE-2011-1292

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.01366EPSS
CVE
CVE
added 2012/07/12 8:55 p.m.55 views

CVE-2012-2351

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.

5CVSS6.8AI score0.00331EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.55 views

CVE-2012-6699

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.

7.5CVSS7AI score0.00562EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.55 views

CVE-2013-2478

The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1)...

3.3CVSS6.7AI score0.01454EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.55 views

CVE-2013-2488

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an inv...

5CVSS6.4AI score0.03866EPSS
CVE
CVE
added 2013/10/28 10:55 p.m.55 views

CVE-2013-4394

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors invo...

5.9CVSS6.3AI score0.00109EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.55 views

CVE-2013-6364

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

8.8CVSS8.3AI score0.02293EPSS
CVE
CVE
added 2014/12/09 11:59 p.m.55 views

CVE-2014-9274

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".

7.5CVSS7.6AI score0.05942EPSS
CVE
CVE
added 2015/03/09 2:59 p.m.55 views

CVE-2015-1165

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

5CVSS8.2AI score0.00388EPSS
CVE
CVE
added 2015/02/23 5:59 p.m.55 views

CVE-2015-2047

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

2.6CVSS7AI score0.00766EPSS
CVE
CVE
added 2015/03/31 2:59 p.m.55 views

CVE-2015-2776

The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.

4.3CVSS6.3AI score0.02007EPSS
CVE
CVE
added 2017/03/16 2:59 p.m.55 views

CVE-2016-10246

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

5.5CVSS5.8AI score0.00285EPSS
CVE
CVE
added 2017/03/16 2:59 p.m.55 views

CVE-2016-10247

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

5.5CVSS5.5AI score0.0031EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.55 views

CVE-2016-2195

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.

10CVSS9.6AI score0.06105EPSS
CVE
CVE
added 2017/11/15 4:29 p.m.55 views

CVE-2017-15923

Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.

7.5CVSS7.1AI score0.01477EPSS
CVE
CVE
added 2017/11/13 8:29 p.m.55 views

CVE-2017-16804

In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.

4.3CVSS5.6AI score0.00345EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.55 views

CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a ...

5.9CVSS6.3AI score0.00204EPSS
CVE
CVE
added 2018/02/02 3:29 p.m.55 views

CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Att...

8.1CVSS8.2AI score0.00308EPSS
CVE
CVE
added 2017/02/24 4:59 a.m.55 views

CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

7.8CVSS7.5AI score0.00408EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.55 views

CVE-2017-8822

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

4.3CVSS5.5AI score0.00304EPSS
Total number of security vulnerabilities9134