Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2020/05/13 3:15 p.m.52 views

CVE-2020-8020

A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

6.5CVSS6.3AI score0.0022EPSS
CVE
CVE
added 2020/05/19 3:15 p.m.52 views

CVE-2020-8021

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.

5.3CVSS5.3AI score0.00186EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.52 views

CVE-2021-36056

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

9.3CVSS6.7AI score0.00468EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.52 views

CVE-2021-36058

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

5.5CVSS5.6AI score0.00584EPSS
CVE
CVE
added 2021/11/03 4:15 p.m.52 views

CVE-2021-37149

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

7.5CVSS7.4AI score0.00797EPSS
CVE
CVE
added 2000/01/18 5:0 a.m.51 views

CVE-1999-0831

Denial of service in Linux syslogd via a large number of connections.

5CVSS6.9AI score0.0052EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.51 views

CVE-2000-0315

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

5CVSS6.6AI score0.00439EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.51 views

CVE-2001-0111

Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.

7.2CVSS7.3AI score0.00206EPSS
CVE
CVE
added 2001/06/27 4:0 a.m.51 views

CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

7.5CVSS7.8AI score0.01437EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.51 views

CVE-2002-0875

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

2.1CVSS6.2AI score0.01068EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.51 views

CVE-2002-1232

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

5CVSS6.3AI score0.04451EPSS
CVE
CVE
added 2003/03/03 5:0 a.m.51 views

CVE-2003-0098

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

10CVSS6.6AI score0.06825EPSS
CVE
CVE
added 2006/04/25 12:50 p.m.51 views

CVE-2006-2016

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope p...

2.6CVSS5.5AI score0.1952EPSS
CVE
CVE
added 2007/04/10 6:19 p.m.51 views

CVE-2006-4250

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

4.6CVSS7.1AI score0.00315EPSS
CVE
CVE
added 2007/06/21 8:30 p.m.51 views

CVE-2007-2833

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

7.8CVSS6AI score0.01336EPSS
CVE
CVE
added 2008/01/04 2:46 a.m.51 views

CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operat...

4.3CVSS6.3AI score0.01346EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.51 views

CVE-2011-0783

Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."

4.3CVSS6AI score0.01219EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.51 views

CVE-2011-1488

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent with...

5.5CVSS5.2AI score0.00153EPSS
CVE
CVE
added 2012/01/08 11:55 a.m.51 views

CVE-2011-4361

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ...

5CVSS6.1AI score0.00316EPSS
CVE
CVE
added 2019/11/06 5:15 p.m.51 views

CVE-2011-4900

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

6.5CVSS6.4AI score0.00338EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.51 views

CVE-2011-5326

imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.

7.5CVSS8.1AI score0.01098EPSS
CVE
CVE
added 2019/11/07 6:15 p.m.51 views

CVE-2012-0049

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

4.3CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2012/10/10 6:55 p.m.51 views

CVE-2012-4430

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

4CVSS5.7AI score0.00607EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.51 views

CVE-2012-6698

The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.

7.5CVSS7AI score0.00562EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.51 views

CVE-2013-3556

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.01538EPSS
CVE
CVE
added 2013/08/29 12:7 p.m.51 views

CVE-2013-5589

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS9AI score0.00417EPSS
Web
CVE
CVE
added 2019/11/05 7:15 p.m.51 views

CVE-2013-6275

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

6.5CVSS6.4AI score0.01945EPSS
CVE
CVE
added 2019/11/21 3:15 p.m.51 views

CVE-2014-1935

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

5.3CVSS5.2AI score0.0047EPSS
CVE
CVE
added 2019/11/22 3:15 p.m.51 views

CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

4.7CVSS4.8AI score0.0011EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.51 views

CVE-2016-1235

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.

9CVSS8.1AI score0.01038EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.51 views

CVE-2016-2058

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arb...

5.4CVSS6.4AI score0.00241EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.51 views

CVE-2016-3982

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

8.8CVSS8.9AI score0.01884EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.51 views

CVE-2016-3994

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.

8.2CVSS8AI score0.00993EPSS
CVE
CVE
added 2017/02/03 3:59 p.m.51 views

CVE-2016-4570

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

7.1CVSS5.5AI score0.00808EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.51 views

CVE-2017-0363

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.

6.1CVSS6.3AI score0.0022EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.51 views

CVE-2017-0365

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

4.7CVSS4.8AI score0.0033EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.51 views

CVE-2017-0367

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

8.8CVSS8.6AI score0.00623EPSS
CVE
CVE
added 2017/12/14 4:29 p.m.51 views

CVE-2017-17511

KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.

8.8CVSS8.4AI score0.0056EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.51 views

CVE-2017-17848

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be sig...

7.5CVSS7.3AI score0.00872EPSS
CVE
CVE
added 2018/02/27 8:29 p.m.51 views

CVE-2017-5660

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.

8.6CVSS8.3AI score0.01279EPSS
CVE
CVE
added 2018/02/27 8:29 p.m.51 views

CVE-2017-7671

There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.

7.5CVSS7.3AI score0.02741EPSS
CVE
CVE
added 2017/06/28 6:29 a.m.51 views

CVE-2017-9988

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.

6.5CVSS6.9AI score0.00625EPSS
CVE
CVE
added 2018/04/12 4:29 p.m.51 views

CVE-2018-10060

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

5.4CVSS5.4AI score0.00667EPSS
CVE
CVE
added 2018/09/12 11:29 p.m.51 views

CVE-2018-16981

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

8.8CVSS8.8AI score0.00344EPSS
CVE
CVE
added 2018/01/08 7:29 a.m.51 views

CVE-2018-5294

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

6.5CVSS7AI score0.00623EPSS
CVE
CVE
added 2018/03/30 8:29 a.m.51 views

CVE-2018-9132

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

6.5CVSS6.7AI score0.00649EPSS
CVE
CVE
added 2019/04/15 12:31 p.m.51 views

CVE-2019-11221

GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.

7.8CVSS7.7AI score0.00185EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.51 views

CVE-2019-13217

A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

7.8CVSS8AI score0.00304EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.51 views

CVE-2019-13218

Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file.

5.5CVSS5.3AI score0.00168EPSS
CVE
CVE
added 2022/09/02 6:15 p.m.51 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

9.8CVSS9.6AI score0.00067EPSS
Total number of security vulnerabilities9127