Lucene search

K
DebianDebian Linux

9109 matches found

CVE
CVE
added 2017/12/27 5:8 p.m.50 views

CVE-2017-17848

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be sig...

7.5CVSS7.3AI score0.00872EPSS
CVE
CVE
added 2018/02/27 8:29 p.m.50 views

CVE-2017-7671

There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.

7.5CVSS7.3AI score0.0427EPSS
CVE
CVE
added 2017/06/28 6:29 a.m.50 views

CVE-2017-9988

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.

6.5CVSS6.9AI score0.00625EPSS
CVE
CVE
added 2018/09/28 12:29 a.m.50 views

CVE-2018-16587

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.

6.5CVSS6.5AI score0.00509EPSS
CVE
CVE
added 2018/09/12 11:29 p.m.50 views

CVE-2018-16981

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

8.8CVSS8.8AI score0.00344EPSS
CVE
CVE
added 2018/01/05 8:29 p.m.50 views

CVE-2018-5251

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.

6.5CVSS6.7AI score0.00561EPSS
CVE
CVE
added 2018/03/05 10:29 p.m.50 views

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP func...

8.1CVSS7.8AI score0.0022EPSS
CVE
CVE
added 2018/03/30 8:29 a.m.50 views

CVE-2018-9132

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

6.5CVSS6.7AI score0.00649EPSS
CVE
CVE
added 2019/04/15 12:31 p.m.50 views

CVE-2019-11222

gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.

7.8CVSS7.7AI score0.00458EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.50 views

CVE-2019-13217

A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

7.8CVSS8AI score0.00304EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.50 views

CVE-2019-13218

Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

5.5CVSS5.3AI score0.00168EPSS
CVE
CVE
added 2020/12/15 6:15 p.m.50 views

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using...

6CVSS6.8AI score0.00064EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.50 views

CVE-2021-21842

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resu...

8.8CVSS8.6AI score0.00247EPSS
CVE
CVE
added 2021/11/03 4:15 p.m.50 views

CVE-2021-37149

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

7.5CVSS7.4AI score0.00797EPSS
CVE
CVE
added 2000/07/19 4:0 a.m.49 views

CVE-2000-0606

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

7.2CVSS7.2AI score0.00063EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.49 views

CVE-2002-0875

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

2.1CVSS6.2AI score0.01068EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.49 views

CVE-2002-1232

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

5CVSS6.3AI score0.04451EPSS
CVE
CVE
added 2009/02/13 1:30 a.m.49 views

CVE-2008-6125

Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.

6.5CVSS6.6AI score0.00391EPSS
CVE
CVE
added 2009/03/25 11:30 p.m.49 views

CVE-2009-0784

Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.

6.3CVSS6.2AI score0.00039EPSS
CVE
CVE
added 2009/05/06 5:30 p.m.49 views

CVE-2009-1573

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

4.6CVSS6.5AI score0.00061EPSS
CVE
CVE
added 2019/11/27 6:15 p.m.49 views

CVE-2011-2187

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

7.8CVSS7.4AI score0.00091EPSS
CVE
CVE
added 2012/01/08 11:55 a.m.49 views

CVE-2011-4361

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ...

5CVSS6.1AI score0.00231EPSS
CVE
CVE
added 2012/10/10 6:55 p.m.49 views

CVE-2012-4430

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

4CVSS5.7AI score0.00607EPSS
CVE
CVE
added 2012/11/19 12:55 a.m.49 views

CVE-2012-4533

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" l...

4.3CVSS5.2AI score0.01286EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.49 views

CVE-2012-6698

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.

7.5CVSS7AI score0.00562EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.49 views

CVE-2013-3556

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.01538EPSS
CVE
CVE
added 2013/08/29 12:7 p.m.49 views

CVE-2013-5589

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS9AI score0.00417EPSS
CVE
CVE
added 2019/11/22 3:15 p.m.49 views

CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

4.7CVSS4.8AI score0.0011EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.49 views

CVE-2016-1235

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.

9CVSS8.1AI score0.01038EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.49 views

CVE-2016-3982

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

8.8CVSS8.9AI score0.02288EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.49 views

CVE-2017-0367

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

8.8CVSS8.6AI score0.00511EPSS
CVE
CVE
added 2017/10/28 9:29 p.m.49 views

CVE-2017-15955

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.

5.5CVSS5.2AI score0.00251EPSS
CVE
CVE
added 2018/02/27 8:29 p.m.49 views

CVE-2017-5660

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.

8.6CVSS8.3AI score0.02584EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.49 views

CVE-2017-8821

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the ...

7.5CVSS7.2AI score0.01001EPSS
CVE
CVE
added 2018/06/12 8:29 p.m.49 views

CVE-2018-0496

Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.

7.5CVSS7.3AI score0.00531EPSS
CVE
CVE
added 2018/01/08 7:29 a.m.49 views

CVE-2018-5294

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

6.5CVSS7AI score0.00623EPSS
CVE
CVE
added 2019/04/15 12:31 p.m.49 views

CVE-2019-11221

GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.

7.8CVSS7.7AI score0.00185EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.49 views

CVE-2021-21848

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an ...

8.8CVSS8.7AI score0.00319EPSS
CVE
CVE
added 2021/03/22 8:15 a.m.49 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

5.3CVSS5.3AI score0.00488EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.49 views

CVE-2021-36056

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

9.3CVSS6.7AI score0.00404EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.49 views

CVE-2021-36058

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

5.5CVSS5.6AI score0.00503EPSS
CVE
CVE
added 2021/12/28 1:15 a.m.49 views

CVE-2021-45910

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some exte...

7.8CVSS7.5AI score0.00161EPSS
CVE
CVE
added 2022/02/02 6:15 a.m.49 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

9.8CVSS9.5AI score0.00678EPSS
CVE
CVE
added 2000/04/18 4:0 a.m.48 views

CVE-2000-0107

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

7.2CVSS6.8AI score0.00148EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.48 views

CVE-2000-0510

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

5CVSS7AI score0.00763EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.48 views

CVE-2001-0128

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

7.2CVSS6.6AI score0.00055EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.48 views

CVE-2001-0139

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

1.2CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.48 views

CVE-2004-0994

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify s...

10CVSS7.5AI score0.15734EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.48 views

CVE-2005-0159

The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6CVSS6.1AI score0.00061EPSS
CVE
CVE
added 2005/10/05 7:2 p.m.48 views

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

2.1CVSS6AI score0.00074EPSS
Total number of security vulnerabilities9109