Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2018/04/13 4:29 p.m.51 views

CVE-2017-0365

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

4.7CVSS4.8AI score0.0033EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.51 views

CVE-2017-0367

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

8.8CVSS8.6AI score0.00623EPSS
CVE
CVE
added 2017/10/28 9:29 p.m.51 views

CVE-2017-15955

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.

5.5CVSS5.2AI score0.00251EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.51 views

CVE-2017-17848

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be sig...

7.5CVSS7.3AI score0.00872EPSS
CVE
CVE
added 2018/02/27 8:29 p.m.51 views

CVE-2017-7671

There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.

7.5CVSS7.3AI score0.02741EPSS
CVE
CVE
added 2017/12/03 7:29 a.m.51 views

CVE-2017-8821

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the ...

7.5CVSS7.2AI score0.01001EPSS
CVE
CVE
added 2017/06/28 6:29 a.m.51 views

CVE-2017-9988

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.

6.5CVSS6.9AI score0.00625EPSS
CVE
CVE
added 2018/04/12 4:29 p.m.51 views

CVE-2018-10060

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

5.4CVSS5.4AI score0.00667EPSS
CVE
CVE
added 2018/09/12 11:29 p.m.51 views

CVE-2018-16981

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

8.8CVSS8.8AI score0.00344EPSS
CVE
CVE
added 2018/01/08 7:29 a.m.51 views

CVE-2018-5294

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

6.5CVSS7AI score0.00623EPSS
CVE
CVE
added 2019/04/15 12:31 p.m.51 views

CVE-2019-11221

GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.

7.8CVSS7.7AI score0.00185EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.51 views

CVE-2019-13217

A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

7.8CVSS8AI score0.00304EPSS
CVE
CVE
added 2022/08/23 8:15 p.m.51 views

CVE-2020-35511

A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.

7.8CVSS7.4AI score0.00054EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.51 views

CVE-2020-36422

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

5.3CVSS5.9AI score0.00174EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.51 views

CVE-2021-21842

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resu...

8.8CVSS8.6AI score0.00418EPSS
CVE
CVE
added 2021/08/25 7:15 p.m.51 views

CVE-2021-21848

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an ...

8.8CVSS8.7AI score0.00246EPSS
CVE
CVE
added 2021/03/22 8:15 a.m.51 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

5.3CVSS5.3AI score0.00488EPSS
CVE
CVE
added 2022/02/02 6:15 a.m.51 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

9.8CVSS9.5AI score0.00714EPSS
CVE
CVE
added 2025/01/28 5:15 p.m.51 views

CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

9.9CVSS7AI score0.00064EPSS
CVE
CVE
added 2003/08/27 4:0 a.m.50 views

CVE-2003-0615

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

4.3CVSS5.4AI score0.07248EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.50 views

CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

6.8CVSS7.1AI score0.07826EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.50 views

CVE-2004-0994

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify s...

10CVSS7.5AI score0.20999EPSS
CVE
CVE
added 2009/02/13 1:30 a.m.50 views

CVE-2008-6125

Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.

6.5CVSS6.6AI score0.00391EPSS
CVE
CVE
added 2009/05/06 5:30 p.m.50 views

CVE-2009-1573

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

4.6CVSS6.5AI score0.00061EPSS
CVE
CVE
added 2019/11/27 6:15 p.m.50 views

CVE-2011-2187

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

7.8CVSS7.4AI score0.001EPSS
CVE
CVE
added 2019/11/12 5:15 p.m.50 views

CVE-2012-1572

OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space

7.5CVSS7.3AI score0.00416EPSS
CVE
CVE
added 2012/11/19 12:55 a.m.50 views

CVE-2012-4533

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" l...

4.3CVSS5.2AI score0.01286EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.50 views

CVE-2012-6700

The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.

7.5CVSS7.1AI score0.00514EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.50 views

CVE-2014-9771

Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.

7.5CVSS8.1AI score0.01177EPSS
CVE
CVE
added 2017/09/01 9:29 p.m.50 views

CVE-2017-12874

The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

7.5CVSS7.7AI score0.00282EPSS
CVE
CVE
added 2017/12/14 4:29 p.m.50 views

CVE-2017-17515

etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environmen...

8.8CVSS8.6AI score0.00545EPSS
CVE
CVE
added 2018/06/12 8:29 p.m.50 views

CVE-2018-0496

Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.

7.5CVSS7.3AI score0.00531EPSS
CVE
CVE
added 2020/01/28 5:15 p.m.50 views

CVE-2020-8086

The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.

9.8CVSS9.1AI score0.0067EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.50 views

CVE-2021-30163

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

7.5CVSS7.3AI score0.00495EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.50 views

CVE-2021-36048

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

9.3CVSS7.5AI score0.00879EPSS
CVE
CVE
added 2021/12/28 1:15 a.m.50 views

CVE-2021-45910

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some exte...

7.8CVSS7.5AI score0.00161EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.49 views

CVE-1999-0389

Buffer overflow in the bootp server in the Debian Linux netstd package.

7.2CVSS7.3AI score0.00055EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.49 views

CVE-1999-1565

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

4.6CVSS6.8AI score0.00061EPSS
CVE
CVE
added 2000/04/18 4:0 a.m.49 views

CVE-2000-0107

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

7.2CVSS6.8AI score0.00148EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.49 views

CVE-2000-0510

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

5CVSS7AI score0.00763EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.49 views

CVE-2001-0128

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

7.2CVSS6.6AI score0.00055EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.49 views

CVE-2001-0139

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

1.2CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.49 views

CVE-2005-0159

The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6CVSS6.1AI score0.00061EPSS
CVE
CVE
added 2005/10/05 7:2 p.m.49 views

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

2.1CVSS6AI score0.00074EPSS
CVE
CVE
added 2006/03/22 11:0 a.m.49 views

CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.

5CVSS6.1AI score0.00946EPSS
CVE
CVE
added 2008/01/25 12:0 a.m.49 views

CVE-2007-6415

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

8.5CVSS6.9AI score0.01197EPSS
CVE
CVE
added 2019/11/07 11:15 p.m.49 views

CVE-2007-6745

clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

9.8CVSS9.4AI score0.00651EPSS
CVE
CVE
added 2019/11/12 9:15 p.m.49 views

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

6.5CVSS6.4AI score0.00152EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.49 views

CVE-2011-0985

Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.

7.5CVSS6.3AI score0.00422EPSS
CVE
CVE
added 2019/11/20 3:15 p.m.49 views

CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

9.8CVSS9.7AI score0.00517EPSS
Total number of security vulnerabilities9134