Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2005/04/14 4:0 a.m.55 views

CVE-2004-1090

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

5CVSS6.3AI score0.0106EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.55 views

CVE-2004-1091

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

5CVSS6.2AI score0.0106EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.55 views

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

7.5CVSS7.2AI score0.00949EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.55 views

CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

4.7CVSS4.4AI score0.00075EPSS
CVE
CVE
added 2019/11/15 5:15 p.m.55 views

CVE-2011-0703

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.

9.8CVSS9.4AI score0.00432EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.55 views

CVE-2011-1292

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.01366EPSS
CVE
CVE
added 2012/07/12 8:55 p.m.55 views

CVE-2012-2351

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.

5CVSS6.8AI score0.00331EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.55 views

CVE-2012-6699

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.

7.5CVSS7AI score0.00562EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.55 views

CVE-2013-2478

The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1)...

3.3CVSS6.7AI score0.01454EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.55 views

CVE-2013-3555

epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.03399EPSS
CVE
CVE
added 2013/10/28 10:55 p.m.55 views

CVE-2013-4394

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors invo...

5.9CVSS6.3AI score0.00109EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.55 views

CVE-2013-6364

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

8.8CVSS8.3AI score0.02293EPSS
CVE
CVE
added 2019/12/13 1:15 p.m.55 views

CVE-2014-0175

mcollective has a default password set at install

9.8CVSS9.5AI score0.00601EPSS
CVE
CVE
added 2019/11/21 3:15 p.m.55 views

CVE-2014-1936

rc before 1.7.1-5 insecurely creates temporary files.

7.5CVSS7.5AI score0.00433EPSS
CVE
CVE
added 2019/12/13 2:15 p.m.55 views

CVE-2014-3495

duplicity 0.6.24 has improper verification of SSL certificates

7.5CVSS7.5AI score0.00284EPSS
CVE
CVE
added 2015/02/23 5:59 p.m.55 views

CVE-2015-2047

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

2.6CVSS7AI score0.00766EPSS
CVE
CVE
added 2016/04/25 2:59 p.m.55 views

CVE-2015-8852

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP ...

7.5CVSS7.3AI score0.0109EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.55 views

CVE-2016-2195

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.

10CVSS9.6AI score0.06105EPSS
CVE
CVE
added 2018/03/21 8:29 p.m.55 views

CVE-2017-0926

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

8.8CVSS7.7AI score0.0031EPSS
CVE
CVE
added 2017/11/15 4:29 p.m.55 views

CVE-2017-15923

Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.

7.5CVSS7.1AI score0.01477EPSS
CVE
CVE
added 2017/02/24 4:59 a.m.55 views

CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

7.8CVSS7.5AI score0.00408EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.55 views

CVE-2017-8822

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

4.3CVSS5.5AI score0.00304EPSS
CVE
CVE
added 2018/03/13 1:29 a.m.55 views

CVE-2018-1000099

Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

7.5CVSS7.5AI score0.0097EPSS
CVE
CVE
added 2018/07/16 6:29 p.m.55 views

CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex

7.5CVSS7.2AI score0.00384EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.55 views

CVE-2018-20761

GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

7.8CVSS7.5AI score0.00293EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.55 views

CVE-2019-13223

A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

5.5CVSS5.3AI score0.00098EPSS
CVE
CVE
added 2021/05/27 6:15 p.m.55 views

CVE-2020-22029

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.

8.8CVSS9.2AI score0.00744EPSS
CVE
CVE
added 2021/10/04 2:15 p.m.55 views

CVE-2021-36051

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file.

7.8CVSS7.8AI score0.03868EPSS
CVE
CVE
added 2021/11/03 4:15 p.m.55 views

CVE-2021-38161

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

8.1CVSS7.9AI score0.01546EPSS
CVE
CVE
added 2021/11/19 7:15 p.m.55 views

CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger t...

10CVSS9.4AI score0.00475EPSS
CVE
CVE
added 2021/09/29 4:15 p.m.55 views

CVE-2021-40716

XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vict...

5.5CVSS5.4AI score0.00242EPSS
CVE
CVE
added 2022/08/10 6:15 a.m.55 views

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00163EPSS
CVE
CVE
added 2022/06/16 4:15 p.m.55 views

CVE-2022-31291

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.

7.5CVSS7.4AI score0.0002EPSS
CVE
CVE
added 2022/10/21 11:15 a.m.55 views

CVE-2022-3636

A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this...

7.8CVSS6.2AI score0.00015EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.55 views

CVE-2023-24755

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00022EPSS
CVE
CVE
added 2023/09/05 7:15 a.m.55 views

CVE-2023-41909

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

7.5CVSS8AI score0.00078EPSS
CVE
CVE
added 2000/04/25 4:0 a.m.54 views

CVE-2000-0112

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

7.2CVSS6.7AI score0.0006EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.54 views

CVE-2000-0145

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

7.5CVSS7AI score0.00382EPSS
CVE
CVE
added 2001/03/12 5:0 a.m.54 views

CVE-2001-0112

Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands.

7.2CVSS7.2AI score0.00374EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.54 views

CVE-2001-0690

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

7.5CVSS7.5AI score0.19934EPSS
CVE
CVE
added 2003/07/02 4:0 a.m.54 views

CVE-2003-0382

Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.

4.6CVSS6.6AI score0.00083EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.54 views

CVE-2004-1027

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

5CVSS6.5AI score0.06284EPSS
CVE
CVE
added 2006/12/12 12:28 a.m.54 views

CVE-2006-5873

Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.

7.8CVSS6.6AI score0.01514EPSS
CVE
CVE
added 2009/01/15 5:30 p.m.54 views

CVE-2008-5907

The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\0' ...

5CVSS8.3AI score0.0058EPSS
CVE
CVE
added 2010/02/02 4:30 p.m.54 views

CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control ...

9.8CVSS9.3AI score0.00836EPSS
CVE
CVE
added 2019/10/31 4:15 p.m.54 views

CVE-2010-2490

Mumble: murmur-server has DoS due to malformed client query

6.5CVSS6.4AI score0.00503EPSS
CVE
CVE
added 2019/11/12 8:15 p.m.54 views

CVE-2010-3439

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

6.5CVSS6.3AI score0.00568EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.54 views

CVE-2011-1444

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.00692EPSS
CVE
CVE
added 2019/11/12 2:15 p.m.54 views

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

9.8CVSS9.6AI score0.00985EPSS
CVE
CVE
added 2019/12/17 6:15 p.m.54 views

CVE-2012-2237

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Dis...

6.1CVSS5.9AI score0.06623EPSS
Total number of security vulnerabilities9127