Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2011/05/16 5:55 p.m.52 views

CVE-2011-1799

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.00614EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.52 views

CVE-2011-5326

imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.

7.5CVSS8.1AI score0.01098EPSS
CVE
CVE
added 2019/11/19 3:15 p.m.52 views

CVE-2012-0842

surf: cookie jar has read access from other local user

5.5CVSS5.1AI score0.00105EPSS
CVE
CVE
added 2019/12/05 6:15 p.m.52 views

CVE-2012-1104

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

5.3CVSS5AI score0.00244EPSS
CVE
CVE
added 2012/10/10 6:55 p.m.52 views

CVE-2012-4430

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

4CVSS5.7AI score0.00607EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.52 views

CVE-2013-2480

The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3CVSS6.4AI score0.01423EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.52 views

CVE-2013-2485

The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

6.1CVSS5.4AI score0.0059EPSS
CVE
CVE
added 2019/11/05 7:15 p.m.52 views

CVE-2013-6275

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

6.5CVSS6.4AI score0.01945EPSS
CVE
CVE
added 2019/11/05 2:15 p.m.52 views

CVE-2013-6365

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

5.3CVSS5.9AI score0.00334EPSS
CVE
CVE
added 2019/12/11 3:15 p.m.52 views

CVE-2013-7371

node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)

6.1CVSS6AI score0.01082EPSS
CVE
CVE
added 2019/12/13 2:15 p.m.52 views

CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

4.6CVSS5AI score0.00103EPSS
CVE
CVE
added 2017/09/20 6:29 p.m.52 views

CVE-2015-2927

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).

6.8CVSS6.4AI score0.0129EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.52 views

CVE-2016-1235

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.

9CVSS8.1AI score0.01038EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.52 views

CVE-2016-4570

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

7.1CVSS5.5AI score0.00808EPSS
CVE
CVE
added 2018/03/21 8:29 p.m.52 views

CVE-2017-0916

Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.

9.8CVSS8.8AI score0.00519EPSS
CVE
CVE
added 2017/12/14 4:29 p.m.52 views

CVE-2017-17511

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.

8.8CVSS8.4AI score0.0056EPSS
CVE
CVE
added 2018/02/27 8:29 p.m.52 views

CVE-2017-5660

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.

8.6CVSS8.3AI score0.01279EPSS
CVE
CVE
added 2017/05/02 2:59 p.m.52 views

CVE-2017-7483

Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.

7.5CVSS7.2AI score0.00779EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.52 views

CVE-2018-1000637

zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed...

7.8CVSS7.7AI score0.00399EPSS
CVE
CVE
added 2018/09/28 12:29 a.m.52 views

CVE-2018-16587

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.

6.5CVSS6.5AI score0.0049EPSS
CVE
CVE
added 2018/01/05 8:29 p.m.52 views

CVE-2018-5251

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.

6.5CVSS6.7AI score0.00561EPSS
CVE
CVE
added 2018/03/05 10:29 p.m.52 views

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP func...

8.1CVSS7.8AI score0.00208EPSS
CVE
CVE
added 2018/03/30 8:29 a.m.52 views

CVE-2018-9132

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

6.5CVSS6.7AI score0.00667EPSS
CVE
CVE
added 2019/04/15 12:31 p.m.52 views

CVE-2019-11222

gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.

7.8CVSS7.7AI score0.00458EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.52 views

CVE-2019-13218

Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

5.5CVSS5.3AI score0.00168EPSS
CVE
CVE
added 2020/05/13 3:15 p.m.52 views

CVE-2020-8020

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

6.5CVSS6.3AI score0.0022EPSS
CVE
CVE
added 2021/11/03 4:15 p.m.52 views

CVE-2021-37149

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

7.5CVSS7.4AI score0.00797EPSS
CVE
CVE
added 2000/01/18 5:0 a.m.51 views

CVE-1999-0831

Denial of service in Linux syslogd via a large number of connections.

5CVSS6.9AI score0.0052EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.51 views

CVE-2000-0315

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

5CVSS6.6AI score0.00439EPSS
CVE
CVE
added 2000/07/19 4:0 a.m.51 views

CVE-2000-0606

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

7.2CVSS7.2AI score0.00063EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.51 views

CVE-2001-0111

Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.

7.2CVSS7.3AI score0.00206EPSS
CVE
CVE
added 2006/04/25 12:50 p.m.51 views

CVE-2006-2016

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope p...

2.6CVSS5.5AI score0.21986EPSS
CVE
CVE
added 2007/06/21 8:30 p.m.51 views

CVE-2007-2833

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

7.8CVSS6AI score0.01336EPSS
CVE
CVE
added 2008/01/04 2:46 a.m.51 views

CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operat...

4.3CVSS6.3AI score0.01346EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.51 views

CVE-2011-0783

Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."

4.3CVSS6AI score0.01219EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.51 views

CVE-2011-1488

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent with...

5.5CVSS5.2AI score0.00153EPSS
CVE
CVE
added 2012/01/08 11:55 a.m.51 views

CVE-2011-4361

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ...

5CVSS6.1AI score0.00316EPSS
CVE
CVE
added 2019/11/06 5:15 p.m.51 views

CVE-2011-4900

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

6.5CVSS6.4AI score0.00338EPSS
CVE
CVE
added 2019/11/07 6:15 p.m.51 views

CVE-2012-0049

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

4.3CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.51 views

CVE-2012-5644

libuser has information disclosure when moving user's home directory

5.5CVSS5.6AI score0.00066EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.51 views

CVE-2012-6698

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.

7.5CVSS7AI score0.00562EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.51 views

CVE-2013-3556

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.01538EPSS
CVE
CVE
added 2013/08/29 12:7 p.m.51 views

CVE-2013-5589

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS9AI score0.00417EPSS
Web
CVE
CVE
added 2014/04/14 3:9 p.m.51 views

CVE-2014-0159

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.

5CVSS6.5AI score0.01389EPSS
CVE
CVE
added 2019/11/21 3:15 p.m.51 views

CVE-2014-1935

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

5.3CVSS5.2AI score0.0047EPSS
CVE
CVE
added 2019/11/22 3:15 p.m.51 views

CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

4.7CVSS4.8AI score0.0011EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.51 views

CVE-2016-2058

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arb...

5.4CVSS6.4AI score0.00241EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.51 views

CVE-2016-3982

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

8.8CVSS8.9AI score0.01934EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.51 views

CVE-2016-3994

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.

8.2CVSS8AI score0.00993EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.51 views

CVE-2017-0363

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.

6.1CVSS6.3AI score0.0022EPSS
Total number of security vulnerabilities9134