Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2017/12/27 5:8 p.m.53 views

CVE-2017-17846

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

7.5CVSS7.4AI score0.00782EPSS
CVE
CVE
added 2019/04/04 3:29 p.m.53 views

CVE-2018-10242

Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.

7.5CVSS8.2AI score0.00413EPSS
CVE
CVE
added 2018/12/10 6:29 a.m.53 views

CVE-2018-20004

An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml.

8.8CVSS8.6AI score0.00821EPSS
CVE
CVE
added 2022/06/07 6:15 p.m.53 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with s...

9CVSS8.7AI score0.00366EPSS
CVE
CVE
added 2020/12/15 6:15 p.m.53 views

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using...

6CVSS6.8AI score0.00064EPSS
CVE
CVE
added 2022/11/02 1:15 p.m.53 views

CVE-2021-37789

stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.

8.1CVSS7.8AI score0.00104EPSS
CVE
CVE
added 2022/01/25 1:15 p.m.53 views

CVE-2021-45845

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

7.8CVSS7.8AI score0.01334EPSS
CVE
CVE
added 2023/05/03 12:16 p.m.53 views

CVE-2022-40318

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent...

6.5CVSS6.4AI score0.00159EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.53 views

CVE-2023-24758

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00022EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.53 views

CVE-2023-39945

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2...

8.2CVSS7.6AI score0.00067EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.52 views

CVE-1999-0457

Linux ftpwatch program allows local users to gain root privileges.

7.2CVSS7AI score0.0006EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.52 views

CVE-1999-0872

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

7.2CVSS7.2AI score0.00063EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.52 views

CVE-2002-0004

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

7.2CVSS7.2AI score0.00274EPSS
CVE
CVE
added 2002/10/04 4:0 a.m.52 views

CVE-2002-0912

in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.

5CVSS7AI score0.00951EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.52 views

CVE-2002-1581

Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.

5CVSS6.5AI score0.09746EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.52 views

CVE-2003-0361

gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.

7.5CVSS6.6AI score0.00636EPSS
CVE
CVE
added 2004/09/28 4:0 a.m.52 views

CVE-2004-0458

mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.

7.5CVSS7.3AI score0.02153EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.52 views

CVE-2004-0583

The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

5CVSS6.2AI score0.01116EPSS
CVE
CVE
added 2004/12/23 5:0 a.m.52 views

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.

7.5CVSS6.3AI score0.00664EPSS
CVE
CVE
added 2005/08/30 11:45 a.m.52 views

CVE-2005-1855

Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.

2.1CVSS5.8AI score0.00059EPSS
CVE
CVE
added 2009/01/22 11:30 p.m.52 views

CVE-2009-0255

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

7.5CVSS7.2AI score0.05112EPSS
Web
CVE
CVE
added 2019/11/05 8:15 p.m.52 views

CVE-2010-3674

TYPO3 before 4.4.1 allows XSS in the frontend search box.

6.1CVSS7AI score0.00545EPSS
CVE
CVE
added 2019/11/13 8:15 p.m.52 views

CVE-2010-4654

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

9.3CVSS7.8AI score0.00468EPSS
CVE
CVE
added 2019/11/13 10:15 p.m.52 views

CVE-2010-4664

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

8.8CVSS8.6AI score0.00197EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.52 views

CVE-2011-1489

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message b...

5.5CVSS5.3AI score0.00153EPSS
CVE
CVE
added 2011/05/16 5:55 p.m.52 views

CVE-2011-1799

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.00614EPSS
CVE
CVE
added 2019/11/19 3:15 p.m.52 views

CVE-2012-0842

surf: cookie jar has read access from other local user

5.5CVSS5.1AI score0.00105EPSS
CVE
CVE
added 2019/12/05 6:15 p.m.52 views

CVE-2012-1104

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

5.3CVSS5AI score0.00244EPSS
CVE
CVE
added 2019/11/19 5:15 p.m.52 views

CVE-2012-6071

nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.

7.5CVSS7.5AI score0.00363EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.52 views

CVE-2013-2480

The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3CVSS6.4AI score0.01423EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.52 views

CVE-2013-2485

The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

6.1CVSS5.4AI score0.0059EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.52 views

CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

5.3CVSS5.9AI score0.00334EPSS
CVE
CVE
added 2019/12/11 3:15 p.m.52 views

CVE-2013-7371

node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)

6.1CVSS6AI score0.01082EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.52 views

CVE-2013-7448

Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.

7.5CVSS7.3AI score0.0055EPSS
Web
CVE
CVE
added 2019/12/13 2:15 p.m.52 views

CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

4.6CVSS5AI score0.00103EPSS
CVE
CVE
added 2017/09/20 6:29 p.m.52 views

CVE-2015-2927

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).

6.8CVSS6.4AI score0.0129EPSS
CVE
CVE
added 2018/04/13 3:29 p.m.52 views

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

5.3CVSS7.2AI score0.00929EPSS
CVE
CVE
added 2018/04/13 3:29 p.m.52 views

CVE-2017-0357

A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.

9.8CVSS9.4AI score0.01689EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.52 views

CVE-2017-0361

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

7.8CVSS7.8AI score0.00092EPSS
CVE
CVE
added 2018/03/21 8:29 p.m.52 views

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.

9.8CVSS8.8AI score0.01219EPSS
CVE
CVE
added 2017/05/02 2:59 p.m.52 views

CVE-2017-7483

Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.

7.5CVSS7.2AI score0.00779EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.52 views

CVE-2017-8819

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.

7.5CVSS7.5AI score0.00546EPSS
CVE
CVE
added 2018/04/03 7:29 a.m.52 views

CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.

7.2CVSS7.1AI score0.01016EPSS
CVE
CVE
added 2018/03/13 1:29 a.m.52 views

CVE-2018-1000098

Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

7.5CVSS7.8AI score0.00704EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.52 views

CVE-2018-1000637

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed...

7.8CVSS7.7AI score0.00399EPSS
CVE
CVE
added 2018/09/28 12:29 a.m.52 views

CVE-2018-16587

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.

6.5CVSS6.5AI score0.0049EPSS
CVE
CVE
added 2018/01/05 8:29 p.m.52 views

CVE-2018-5251

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.

6.5CVSS6.7AI score0.00561EPSS
CVE
CVE
added 2018/03/05 10:29 p.m.52 views

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP func...

8.1CVSS7.8AI score0.0022EPSS
CVE
CVE
added 2019/04/15 12:31 p.m.52 views

CVE-2019-11222

gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.

7.8CVSS7.7AI score0.00458EPSS
CVE
CVE
added 2020/01/06 6:15 p.m.52 views

CVE-2019-18792

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suri...

9.1CVSS9AI score0.00249EPSS
Total number of security vulnerabilities9127