Lucene search

K
DebianDebian Linux

9110 matches found

CVE
CVE
added 2005/10/05 7:2 p.m.48 views

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

2.1CVSS6AI score0.00074EPSS
CVE
CVE
added 2006/03/22 11:0 a.m.48 views

CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.

5CVSS6.1AI score0.00946EPSS
CVE
CVE
added 2008/01/25 12:0 a.m.48 views

CVE-2007-6415

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

8.5CVSS6.9AI score0.01197EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.48 views

CVE-2011-0985

Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.

7.5CVSS6.3AI score0.00422EPSS
CVE
CVE
added 2019/11/06 3:15 p.m.48 views

CVE-2011-4625

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

7.5CVSS7.4AI score0.00274EPSS
CVE
CVE
added 2019/11/06 5:15 p.m.48 views

CVE-2011-4900

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

6.5CVSS6.4AI score0.00338EPSS
CVE
CVE
added 2019/11/12 5:15 p.m.48 views

CVE-2012-1572

OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space

7.5CVSS7.3AI score0.00416EPSS
CVE
CVE
added 2014/04/14 3:9 p.m.48 views

CVE-2014-0159

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.

5CVSS6.5AI score0.01389EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.48 views

CVE-2014-9771

Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.

7.5CVSS8.1AI score0.01229EPSS
CVE
CVE
added 2019/11/22 3:15 p.m.48 views

CVE-2015-5694

Designate does not enforce the DNS protocol limit concerning record set sizes

6.5CVSS6.4AI score0.0094EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.48 views

CVE-2015-5727

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.

7.8CVSS8.1AI score0.00607EPSS
CVE
CVE
added 2016/04/12 2:59 p.m.48 views

CVE-2015-8702

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

8.6CVSS8AI score0.00756EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.48 views

CVE-2016-2849

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

7.5CVSS7.3AI score0.00586EPSS
CVE
CVE
added 2017/10/28 9:29 p.m.48 views

CVE-2017-15954

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.

5.5CVSS5.4AI score0.00308EPSS
CVE
CVE
added 2018/04/12 4:29 p.m.48 views

CVE-2018-10060

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

5.4CVSS5.4AI score0.00667EPSS
CVE
CVE
added 2018/07/02 2:29 p.m.48 views

CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HO...

8.1CVSS7.8AI score0.00364EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.48 views

CVE-2020-36422

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

5.3CVSS5.9AI score0.00174EPSS
CVE
CVE
added 2020/01/28 5:15 p.m.48 views

CVE-2020-8086

The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.

9.8CVSS9.1AI score0.0067EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.48 views

CVE-2021-30163

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

7.5CVSS7.3AI score0.00495EPSS
CVE
CVE
added 2023/05/03 12:16 p.m.48 views

CVE-2022-40318

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent...

6.5CVSS6.4AI score0.00159EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.47 views

CVE-1999-1496

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

2.1CVSS7AI score0.00089EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.47 views

CVE-1999-1565

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

4.6CVSS6.8AI score0.00061EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.47 views

CVE-2000-0513

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

5CVSS7.1AI score0.00763EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.47 views

CVE-2001-0138

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.47 views

CVE-2003-0360

Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.

7.5CVSS7.4AI score0.0092EPSS
CVE
CVE
added 2003/08/27 4:0 a.m.47 views

CVE-2003-0615

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

4.3CVSS5.4AI score0.07248EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.47 views

CVE-2005-0076

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.

7.2CVSS7.1AI score0.00057EPSS
CVE
CVE
added 2006/12/18 2:28 a.m.47 views

CVE-2006-6614

The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to o...

1.9CVSS6.8AI score0.00066EPSS
CVE
CVE
added 2019/11/07 11:15 p.m.47 views

CVE-2007-6745

clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

9.8CVSS9.4AI score0.00651EPSS
CVE
CVE
added 2011/01/14 5:0 p.m.47 views

CVE-2011-0474

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a ...

10CVSS7.3AI score0.02875EPSS
CVE
CVE
added 2019/11/19 4:15 p.m.47 views

CVE-2012-0843

uzbl: Information disclosure via world-readable cookies storage file

5.5CVSS5.2AI score0.00146EPSS
CVE
CVE
added 2019/11/25 3:15 p.m.47 views

CVE-2012-5644

libuser has information disclosure when moving user's home directory

5.5CVSS5.6AI score0.00066EPSS
CVE
CVE
added 2013/11/05 9:55 p.m.47 views

CVE-2013-4134

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

4.3CVSS6.4AI score0.00152EPSS
CVE
CVE
added 2019/11/05 3:15 p.m.47 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS
CVE
CVE
added 2015/01/09 6:59 p.m.47 views

CVE-2014-9271

Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.

5.4CVSS5AI score0.00833EPSS
CVE
CVE
added 2015/05/14 2:59 p.m.47 views

CVE-2015-0971

The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.

5CVSS6.3AI score0.00255EPSS
CVE
CVE
added 2015/09/02 10:59 a.m.47 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

4CVSS6AI score0.00625EPSS
CVE
CVE
added 2017/04/13 2:59 p.m.47 views

CVE-2015-6674

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.

9.8CVSS9.3AI score0.07419EPSS
CVE
CVE
added 2017/09/01 9:29 p.m.47 views

CVE-2017-12874

The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

7.5CVSS7.7AI score0.00282EPSS
CVE
CVE
added 2017/05/17 2:29 p.m.47 views

CVE-2017-8849

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

7.8CVSS7.4AI score0.00242EPSS
CVE
CVE
added 2017/06/28 6:29 a.m.47 views

CVE-2017-9989

util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.

6.5CVSS6.9AI score0.00625EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.47 views

CVE-2018-1000041

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via...

8.8CVSS8.4AI score0.0048EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.47 views

CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.

9.8CVSS7.1AI score0.01748EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.47 views

CVE-2018-7553

There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.7AI score0.00589EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.47 views

CVE-2018-7868

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

6.5CVSS7.1AI score0.00571EPSS
CVE
CVE
added 2019/04/28 4:29 p.m.47 views

CVE-2019-11579

dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

5.3CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2022/06/07 6:15 p.m.47 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling.

9CVSS8.6AI score0.00446EPSS
CVE
CVE
added 2022/09/02 6:15 p.m.47 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.

9.8CVSS9.6AI score0.0006EPSS
CVE
CVE
added 2022/08/23 8:15 p.m.47 views

CVE-2020-35511

A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.

7.8CVSS7.4AI score0.00057EPSS
CVE
CVE
added 2021/09/01 3:15 p.m.47 views

CVE-2021-36048

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

9.3CVSS7.5AI score0.00879EPSS
Total number of security vulnerabilities9110