Debian Linux

9127 matches found

added 2021/08/25 7:15 p.m. | 51 views

CVE-2021-21842

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resu...

CVSS 8.8 | AI score 8.6 | EPSS 0.00251

added 2021/03/22 8:15 a.m. | 51 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

CVSS 5.3 | AI score 5.3 | EPSS 0.00488

added 2000/07/19 4:00 a.m. | 50 views

CVE-2000-0606

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

CVSS 7.2 | AI score 7.2 | EPSS 0.00063

added 2009/02/13 1:30 a.m. | 50 views

CVE-2008-6125

Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.

CVSS 6.5 | AI score 6.6 | EPSS 0.00391

added 2009/05/06 5:30 p.m. | 50 views

CVE-2009-1573

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

CVSS 4.6 | AI score 6.5 | EPSS 0.00061

added 2019/11/27 6:15 p.m. | 50 views

CVE-2011-2187

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

CVSS 7.8 | AI score 7.4 | EPSS 0.00091

added 2019/11/12 5:15 p.m. | 50 views

CVE-2012-1572

OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space

CVSS 7.5 | AI score 7.3 | EPSS 0.00416

added 2012/11/19 12:55 a.m. | 50 views

CVE-2012-4533

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" l...

CVSS 4.3 | AI score 5.2 | EPSS 0.01286

added 2016/04/11 3:59 p.m. | 50 views

CVE-2012-6700

The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.

CVSS 7.5 | AI score 7.1 | EPSS 0.00514

added 2016/05/13 4:59 p.m. | 50 views

CVE-2014-9771

Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.

CVSS 7.5 | AI score 8.1 | EPSS 0.01177

added 2017/10/28 9:29 p.m. | 50 views

CVE-2017-15955

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.

CVSS 5.5 | AI score 5.2 | EPSS 0.00251

added 2017/12/14 4:29 p.m. | 50 views

CVE-2017-17515

etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environmen...

CVSS 8.8 | AI score 8.6 | EPSS 0.00545

added 2017/12/03 7:29 a.m. | 50 views

CVE-2017-8821

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the ...

CVSS 7.5 | AI score 7.2 | EPSS 0.01001

added 2018/06/12 8:29 p.m. | 50 views

CVE-2018-0496

Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.

CVSS 7.5 | AI score 7.3 | EPSS 0.00531

added 2022/08/23 8:15 p.m. | 50 views

CVE-2020-35511

A global buffer overflow was discovered in the pngcheck function in pngcheck-2.4.0 (5 patches applied) via a crafted png file.

CVSS 7.8 | AI score 7.4 | EPSS 0.00046

added 2021/07/19 5:15 p.m. | 50 views

CVE-2020-36422

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

CVSS 5.3 | AI score 5.9 | EPSS 0.00174

added 2020/01/28 5:15 p.m. | 50 views

CVE-2020-8086

The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.

CVSS 9.8 | AI score 9.1 | EPSS 0.0067

added 2021/08/25 7:15 p.m. | 50 views

CVE-2021-21848

An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an ...

CVSS 8.8 | AI score 8.7 | EPSS 0.00324

added 2021/09/01 3:15 p.m. | 50 views

CVE-2021-36048

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

CVSS 9.3 | AI score 7.5 | EPSS 0.00879

added 2021/12/28 1:15 a.m. | 50 views

CVE-2021-45910

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some exte...

CVSS 7.8 | AI score 7.5 | EPSS 0.00161

added 2022/02/02 6:15 a.m. | 50 views

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

CVSS 9.8 | AI score 9.5 | EPSS 0.00714

added 2025/01/28 5:15 p.m. | 50 views

CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.

CVSS 9.9 | AI score 7 | EPSS 0.00064

added 2002/03/09 5:00 a.m. | 49 views

CVE-1999-1565

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

CVSS 4.6 | AI score 6.8 | EPSS 0.00061

added 2000/04/18 4:00 a.m. | 49 views

CVE-2000-0107

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

CVSS 7.2 | AI score 6.8 | EPSS 0.00148

added 2000/10/13 4:00 a.m. | 49 views

CVE-2000-0510

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

CVSS 5 | AI score 7 | EPSS 0.00763

added 2001/05/07 4:00 a.m. | 49 views

CVE-2001-0128

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

CVSS 7.2 | AI score 6.6 | EPSS 0.00055

added 2001/05/07 4:00 a.m. | 49 views

CVE-2001-0139

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVSS 1.2 | AI score 6.3 | EPSS 0.00076

added 2003/08/27 4:00 a.m. | 49 views

CVE-2003-0615

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

CVSS 4.3 | AI score 5.4 | EPSS 0.07248

added 2005/01/10 5:00 a.m. | 49 views

CVE-2004-0994

Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify s...

CVSS 10 | AI score 7.5 | EPSS 0.20999

added 2005/04/27 4:00 a.m. | 49 views

CVE-2005-0159

The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS 4.6 | AI score 6.1 | EPSS 0.00061

added 2005/10/05 7:02 p.m. | 49 views

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

CVSS 2.1 | AI score 6 | EPSS 0.00074

added 2006/03/22 11:00 a.m. | 49 views

CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.

CVSS 5 | AI score 6.1 | EPSS 0.00946

added 2008/01/25 12:00 a.m. | 49 views

CVE-2007-6415

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

CVSS 8.5 | AI score 6.9 | EPSS 0.01197

added 2011/02/10 7:00 p.m. | 49 views

CVE-2011-0985

Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.

CVSS 7.5 | AI score 6.3 | EPSS 0.00422

added 2019/11/06 3:15 p.m. | 49 views

CVE-2011-4625

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

CVSS 7.5 | AI score 7.4 | EPSS 0.00274

added 2019/11/25 3:15 p.m. | 49 views

CVE-2012-5644

libuser has information disclosure when moving user's home directory

CVSS 5.5 | AI score 5.6 | EPSS 0.00066

added 2014/04/14 3:09 p.m. | 49 views

CVE-2014-0159

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.

CVSS 5 | AI score 6.5 | EPSS 0.01389

added 2019/11/22 3:15 p.m. | 49 views

CVE-2015-5694

Designate does not enforce the DNS protocol limit concerning record set sizes

CVSS 6.5 | AI score 6.4 | EPSS 0.0094

added 2016/05/13 2:59 p.m. | 49 views

CVE-2015-5727

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.

CVSS 7.8 | AI score 8.1 | EPSS 0.00607

added 2016/04/12 2:59 p.m. | 49 views

CVE-2015-8702

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

CVSS 8.6 | AI score 8 | EPSS 0.00756

added 2016/05/13 2:59 p.m. | 49 views

CVE-2016-2849

Botan before 1.10.13 and 1.11.x before 1.11.29 does not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

CVSS 7.5 | AI score 7.3 | EPSS 0.00583

added 2017/09/01 9:29 p.m. | 49 views

CVE-2017-12874

The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

CVSS 7.5 | AI score 7.7 | EPSS 0.00282

added 2017/10/28 9:29 p.m. | 49 views

CVE-2017-15954

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.

CVSS 5.5 | AI score 5.4 | EPSS 0.00308

added 2017/06/28 6:29 a.m. | 49 views

CVE-2017-9989

util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.

CVSS 6.5 | AI score 6.9 | EPSS 0.00625

added 2018/07/02 2:29 p.m. | 49 views

CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HO...

CVSS 8.1 | AI score 7.8 | EPSS 0.00364

added 2018/02/23 9:29 p.m. | 49 views

CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.

CVSS 9.8 | AI score 7.1 | EPSS 0.01748

added 2021/04/06 8:15 a.m. | 49 views

CVE-2021-30163

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

CVSS 7.5 | AI score 7.3 | EPSS 0.00495

added 2000/02/04 5:00 a.m. | 48 views

CVE-1999-0389

Buffer overflow in the bootp server in the Debian Linux netstd package.

CVSS 7.2 | AI score 7.3 | EPSS 0.00055

added 2001/09/12 4:00 a.m. | 48 views

CVE-1999-1496

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

CVSS 2.1 | AI score 7 | EPSS 0.00089

added 2000/10/13 4:00 a.m. | 48 views

CVE-2000-0513

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

CVSS 5 | AI score 7.1 | EPSS 0.00763

Total number of security vulnerabilities: 9127