Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 1999/09/29 4:0 a.m.53 views

CVE-1999-0457

Linux ftpwatch program allows local users to gain root privileges.

7.2CVSS7AI score0.0006EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.53 views

CVE-2001-0456

postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.

7.5CVSS6.5AI score0.00782EPSS
CVE
CVE
added 2001/06/27 4:0 a.m.53 views

CVE-2001-0458

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

7.5CVSS7.3AI score0.02129EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.53 views

CVE-2002-1232

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

5CVSS6.3AI score0.04451EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.53 views

CVE-2002-1581

Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.

5CVSS6.5AI score0.09746EPSS
CVE
CVE
added 2004/12/23 5:0 a.m.53 views

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.

7.5CVSS6.3AI score0.00664EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.53 views

CVE-2004-0915

Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.

5CVSS6.6AI score0.00346EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.53 views

CVE-2004-1092

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

5CVSS6.3AI score0.00763EPSS
CVE
CVE
added 2005/11/27 12:3 a.m.53 views

CVE-2005-3847

The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.

5.5CVSS5.1AI score0.00067EPSS
CVE
CVE
added 2019/11/13 8:15 p.m.53 views

CVE-2010-4654

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

9.3CVSS7.8AI score0.00468EPSS
CVE
CVE
added 2019/11/14 12:15 a.m.53 views

CVE-2011-0544

phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

6.1CVSS6AI score0.00339EPSS
CVE
CVE
added 2019/11/21 2:15 p.m.53 views

CVE-2012-3543

mono 2.10.x ASP.NET Web Form Hash collision DoS

7.5CVSS7.3AI score0.01146EPSS
CVE
CVE
added 2016/12/16 9:59 a.m.53 views

CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.

9.8CVSS8.1AI score0.00349EPSS
CVE
CVE
added 2016/02/23 7:59 p.m.53 views

CVE-2013-7448

Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.

7.5CVSS7.3AI score0.0055EPSS
Web
CVE
CVE
added 2014/12/31 10:59 p.m.53 views

CVE-2014-8145

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.

7.5CVSS6.9AI score0.12998EPSS
CVE
CVE
added 2015/01/09 6:59 p.m.53 views

CVE-2014-9269

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.

2.6CVSS5.3AI score0.00407EPSS
CVE
CVE
added 2015/08/24 2:59 p.m.53 views

CVE-2015-6525

Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer...

7.5CVSS9.6AI score0.01085EPSS
CVE
CVE
added 2018/04/13 3:29 p.m.53 views

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

5.3CVSS7.2AI score0.00929EPSS
CVE
CVE
added 2018/04/13 3:29 p.m.53 views

CVE-2017-0357

A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.

9.8CVSS9.4AI score0.01689EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.53 views

CVE-2017-0361

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

7.8CVSS7.8AI score0.00092EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.53 views

CVE-2017-0369

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

6.5CVSS6.9AI score0.00154EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.53 views

CVE-2017-0370

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

5.3CVSS5.5AI score0.00258EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.53 views

CVE-2017-17846

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

7.5CVSS7.4AI score0.00782EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.53 views

CVE-2017-8819

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.

7.5CVSS7.5AI score0.00546EPSS
CVE
CVE
added 2018/04/03 7:29 a.m.53 views

CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.

7.2CVSS7.1AI score0.01016EPSS
CVE
CVE
added 2018/03/13 1:29 a.m.53 views

CVE-2018-1000098

Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

7.5CVSS7.8AI score0.00704EPSS
CVE
CVE
added 2020/01/06 6:15 p.m.53 views

CVE-2019-18792

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suri...

9.1CVSS9AI score0.00249EPSS
CVE
CVE
added 2022/06/07 6:15 p.m.53 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with s...

9CVSS8.7AI score0.00366EPSS
CVE
CVE
added 2020/12/15 6:15 p.m.53 views

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using...

6CVSS6.8AI score0.00064EPSS
CVE
CVE
added 2020/05/19 3:15 p.m.53 views

CVE-2020-8021

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.

5.3CVSS5.3AI score0.00186EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.53 views

CVE-2021-36056

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

9.3CVSS6.7AI score0.00468EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.53 views

CVE-2021-36058

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

5.5CVSS5.6AI score0.00584EPSS
CVE
CVE
added 2022/11/02 1:15 p.m.53 views

CVE-2021-37789

stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.

8.1CVSS7.8AI score0.00104EPSS
CVE
CVE
added 2022/01/25 1:15 p.m.53 views

CVE-2021-45845

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

7.8CVSS7.8AI score0.01422EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.53 views

CVE-2023-24758

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00028EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.52 views

CVE-1999-0872

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.

7.2CVSS7.2AI score0.00063EPSS
CVE
CVE
added 2001/06/27 4:0 a.m.52 views

CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

7.5CVSS7.8AI score0.01784EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.52 views

CVE-2002-0004

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

7.2CVSS7.2AI score0.00274EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.52 views

CVE-2002-0875

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

2.1CVSS6.2AI score0.01068EPSS
CVE
CVE
added 2002/10/04 4:0 a.m.52 views

CVE-2002-0912

in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow.

5CVSS7AI score0.00951EPSS
CVE
CVE
added 2003/03/03 5:0 a.m.52 views

CVE-2003-0098

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

10CVSS6.6AI score0.06825EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.52 views

CVE-2003-0361

gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.

7.5CVSS6.6AI score0.00636EPSS
CVE
CVE
added 2004/09/28 4:0 a.m.52 views

CVE-2004-0458

mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.

7.5CVSS7.3AI score0.02153EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.52 views

CVE-2004-0583

The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.

5CVSS6.2AI score0.01116EPSS
CVE
CVE
added 2005/08/30 11:45 a.m.52 views

CVE-2005-1855

Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.

2.1CVSS5.8AI score0.00059EPSS
CVE
CVE
added 2007/04/10 6:19 p.m.52 views

CVE-2006-4250

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

4.6CVSS7.1AI score0.00315EPSS
CVE
CVE
added 2009/01/22 11:30 p.m.52 views

CVE-2009-0255

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

7.5CVSS7.2AI score0.05112EPSS
Web
CVE
CVE
added 2019/11/05 8:15 p.m.52 views

CVE-2010-3674

TYPO3 before 4.4.1 allows XSS in the frontend search box.

6.1CVSS7AI score0.00545EPSS
CVE
CVE
added 2019/11/13 10:15 p.m.52 views

CVE-2010-4664

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

8.8CVSS8.6AI score0.00197EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.52 views

CVE-2011-1489

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message b...

5.5CVSS5.3AI score0.00153EPSS
Total number of security vulnerabilities9134