Lucene search

K
DebianDebian Linux

9110 matches found

CVE
CVE
added 2019/11/05 2:15 p.m.51 views

CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

5.3CVSS5.9AI score0.00178EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.51 views

CVE-2013-7448

Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.

7.5CVSS7.3AI score0.0055EPSS
CVE
CVE
added 2019/12/13 1:15 p.m.51 views

CVE-2014-0175

mcollective has a default password set at install

9.8CVSS9.5AI score0.00601EPSS
CVE
CVE
added 2019/12/13 2:15 p.m.51 views

CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

4.6CVSS5AI score0.00103EPSS
CVE
CVE
added 2017/09/20 6:29 p.m.51 views

CVE-2015-2927

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).

6.8CVSS6.4AI score0.0129EPSS
CVE
CVE
added 2015/08/24 2:59 p.m.51 views

CVE-2015-6525

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer...

7.5CVSS9.6AI score0.01085EPSS
CVE
CVE
added 2018/04/13 3:29 p.m.51 views

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

5.3CVSS7.2AI score0.01104EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.51 views

CVE-2017-0361

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

7.8CVSS7.8AI score0.00077EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.51 views

CVE-2017-0366

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.

5.4CVSS5.6AI score0.00346EPSS
CVE
CVE
added 2017/08/29 11:29 p.m.51 views

CVE-2017-13760

In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.

5.5CVSS5.5AI score0.00273EPSS
CVE
CVE
added 2017/05/02 2:59 p.m.51 views

CVE-2017-7483

Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.

7.5CVSS7.2AI score0.00779EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.51 views

CVE-2017-8819

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.

7.5CVSS7.5AI score0.00546EPSS
CVE
CVE
added 2018/04/03 7:29 a.m.51 views

CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.

7.2CVSS7.1AI score0.01016EPSS
CVE
CVE
added 2018/03/13 1:29 a.m.51 views

CVE-2018-1000098

Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

7.5CVSS7.8AI score0.00704EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.51 views

CVE-2018-1000637

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed...

7.8CVSS7.7AI score0.00399EPSS
CVE
CVE
added 2019/04/04 3:29 p.m.51 views

CVE-2018-10242

Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.

7.5CVSS8.2AI score0.00413EPSS
CVE
CVE
added 2020/01/06 6:15 p.m.51 views

CVE-2019-18792

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suri...

9.1CVSS9AI score0.00249EPSS
CVE
CVE
added 2020/05/13 3:15 p.m.51 views

CVE-2020-8020

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

6.5CVSS6.3AI score0.0022EPSS
CVE
CVE
added 2020/05/19 3:15 p.m.51 views

CVE-2020-8021

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.

5.3CVSS5.3AI score0.00186EPSS
CVE
CVE
added 2022/11/02 1:15 p.m.51 views

CVE-2021-37789

stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.

8.1CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2022/01/25 1:15 p.m.51 views

CVE-2021-45845

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

7.8CVSS7.8AI score0.01334EPSS
CVE
CVE
added 2023/09/05 7:15 a.m.51 views

CVE-2023-41909

An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.

7.5CVSS8AI score0.00078EPSS
CVE
CVE
added 2000/01/18 5:0 a.m.50 views

CVE-1999-0831

Denial of service in Linux syslogd via a large number of connections.

5CVSS6.9AI score0.0052EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.50 views

CVE-2000-0315

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

5CVSS6.6AI score0.00439EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.50 views

CVE-2001-0111

Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.

7.2CVSS7.3AI score0.00206EPSS
CVE
CVE
added 2001/06/27 4:0 a.m.50 views

CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

7.5CVSS7.8AI score0.01437EPSS
CVE
CVE
added 2003/03/03 5:0 a.m.50 views

CVE-2003-0098

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

10CVSS6.6AI score0.06825EPSS
CVE
CVE
added 2006/04/25 12:50 p.m.50 views

CVE-2006-2016

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope p...

2.6CVSS5.5AI score0.25074EPSS
CVE
CVE
added 2007/04/10 6:19 p.m.50 views

CVE-2006-4250

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

4.6CVSS7.1AI score0.00315EPSS
CVE
CVE
added 2007/06/21 8:30 p.m.50 views

CVE-2007-2833

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

7.8CVSS6AI score0.01138EPSS
CVE
CVE
added 2008/01/04 2:46 a.m.50 views

CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operat...

4.3CVSS6.3AI score0.01346EPSS
CVE
CVE
added 2019/11/05 8:15 p.m.50 views

CVE-2010-3674

TYPO3 before 4.4.1 allows XSS in the frontend search box.

6.1CVSS7AI score0.00545EPSS
CVE
CVE
added 2019/11/13 8:15 p.m.50 views

CVE-2010-4654

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

9.3CVSS7.8AI score0.00468EPSS
CVE
CVE
added 2019/11/13 10:15 p.m.50 views

CVE-2010-4664

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

8.8CVSS8.6AI score0.00197EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.50 views

CVE-2011-0783

Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."

4.3CVSS6AI score0.01219EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.50 views

CVE-2011-1488

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent with...

5.5CVSS5.2AI score0.00153EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.50 views

CVE-2011-1489

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message b...

5.5CVSS5.3AI score0.00153EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.50 views

CVE-2011-5326

imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.

7.5CVSS8.1AI score0.02595EPSS
CVE
CVE
added 2019/11/07 6:15 p.m.50 views

CVE-2012-0049

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

4.3CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2019/12/05 6:15 p.m.50 views

CVE-2012-1104

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

5.3CVSS5AI score0.01415EPSS
CVE
CVE
added 2019/11/05 7:15 p.m.50 views

CVE-2013-6275

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

6.5CVSS6.4AI score0.01945EPSS
CVE
CVE
added 2019/12/11 3:15 p.m.50 views

CVE-2013-7371

node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)

6.1CVSS6AI score0.01082EPSS
CVE
CVE
added 2019/11/21 3:15 p.m.50 views

CVE-2014-1935

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

5.3CVSS5.2AI score0.0047EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.50 views

CVE-2016-2058

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arb...

5.4CVSS6.4AI score0.00249EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.50 views

CVE-2016-3994

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.

8.2CVSS8AI score0.01312EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.50 views

CVE-2016-4570

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

7.1CVSS5.5AI score0.00808EPSS
CVE
CVE
added 2018/04/13 3:29 p.m.50 views

CVE-2017-0357

A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.

9.8CVSS9.4AI score0.01689EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.50 views

CVE-2017-0363

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.

6.1CVSS6.3AI score0.00184EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.50 views

CVE-2017-0365

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

4.7CVSS4.8AI score0.00368EPSS
CVE
CVE
added 2018/03/21 8:29 p.m.50 views

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.

9.8CVSS8.8AI score0.01291EPSS
Total number of security vulnerabilities9110