Lucene search

K
DebianDebian Linux

9110 matches found

CVE
CVE
added 2000/02/04 5:0 a.m.46 views

CVE-1999-0389

Buffer overflow in the bootp server in the Debian Linux netstd package.

7.2CVSS7.3AI score0.00055EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.46 views

CVE-1999-0804

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

5CVSS7AI score0.03718EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.46 views

CVE-2001-0233

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

10CVSS7.8AI score0.14821EPSS
CVE
CVE
added 2002/11/04 5:0 a.m.46 views

CVE-2002-1235

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, doe...

10CVSS7.7AI score0.32917EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.46 views

CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

6.8CVSS7.1AI score0.0797EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.46 views

CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.

2.1CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2019/11/12 9:15 p.m.46 views

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

6.5CVSS6.4AI score0.00224EPSS
CVE
CVE
added 2019/11/20 4:15 p.m.46 views

CVE-2011-0529

Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

7.5CVSS7.4AI score0.00447EPSS
CVE
CVE
added 2019/11/20 3:15 p.m.46 views

CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

9.8CVSS9.7AI score0.00517EPSS
CVE
CVE
added 2020/03/10 5:15 p.m.46 views

CVE-2012-1096

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

5.5CVSS5.4AI score0.00352EPSS
CVE
CVE
added 2016/04/11 3:59 p.m.46 views

CVE-2012-6700

The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.

7.5CVSS7.1AI score0.00514EPSS
CVE
CVE
added 2013/12/07 9:55 p.m.46 views

CVE-2013-0858

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

9.3CVSS6.7AI score0.01154EPSS
CVE
CVE
added 2019/10/31 7:15 p.m.46 views

CVE-2013-1910

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

9.8CVSS9.2AI score0.00849EPSS
CVE
CVE
added 2019/12/03 2:15 p.m.46 views

CVE-2013-2106

webauth before 4.6.1 has authentication credential disclosure

7.5CVSS7.5AI score0.00397EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.46 views

CVE-2015-7827

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

7.5CVSS7.4AI score0.00583EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.46 views

CVE-2016-2054

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.

9.8CVSS9.6AI score0.02908EPSS
CVE
CVE
added 2016/07/26 5:59 p.m.46 views

CVE-2016-3992

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

6.2CVSS6.1AI score0.00059EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.46 views

CVE-2016-3993

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.

7.5CVSS7.9AI score0.02595EPSS
CVE
CVE
added 2016/05/10 7:59 p.m.46 views

CVE-2016-4561

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

6.1CVSS5.9AI score0.00359EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.46 views

CVE-2016-7143

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

8.1CVSS7.6AI score0.01006EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.46 views

CVE-2017-0368

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

5.3CVSS5.4AI score0.00287EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.46 views

CVE-2018-7871

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.

8.8CVSS8.7AI score0.00558EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.46 views

CVE-2018-7876

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.7AI score0.01379EPSS
CVE
CVE
added 2018/03/25 3:29 a.m.46 views

CVE-2018-9009

In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.

8.8CVSS8.4AI score0.00658EPSS
CVE
CVE
added 2020/07/06 2:15 p.m.46 views

CVE-2020-15569

PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.

5.5CVSS5.6AI score0.002EPSS
CVE
CVE
added 2020/07/27 7:15 a.m.46 views

CVE-2020-15954

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

6.5CVSS6.2AI score0.00142EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.46 views

CVE-2020-36307

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.

6.1CVSS6AI score0.00415EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.46 views

CVE-2020-36426

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

7.5CVSS7.5AI score0.00226EPSS
CVE
CVE
added 2023/08/31 8:15 p.m.46 views

CVE-2023-39355

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing RDPGFX_CMDID_RESETGRAPHICS packets. If context->maxPlaneSize is 0, context->planes...

9.8CVSS8.2AI score0.00277EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.45 views

CVE-1999-0914

Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.

7.2CVSS7.3AI score0.0041EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.45 views

CVE-1999-1330

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

4.6CVSS7AI score0.00097EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.45 views

CVE-2000-0366

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

2.1CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.45 views

CVE-2000-0512

CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.

5CVSS7AI score0.00763EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.45 views

CVE-2000-0888

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

5CVSS6.6AI score0.15771EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.45 views

CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

7.8CVSS7.7AI score0.00083EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.45 views

CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

5CVSS6.2AI score0.01288EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.45 views

CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5CVSS6.3AI score0.0106EPSS
CVE
CVE
added 2019/11/07 11:15 p.m.45 views

CVE-2013-1811

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

4.3CVSS4.8AI score0.00325EPSS
CVE
CVE
added 2017/10/20 6:29 p.m.45 views

CVE-2013-6049

apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.

7.8CVSS7.8AI score0.00065EPSS
CVE
CVE
added 2013/12/23 10:55 p.m.45 views

CVE-2013-6890

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.

5CVSS6.6AI score0.12964EPSS
CVE
CVE
added 2017/09/20 6:29 p.m.45 views

CVE-2015-5395

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

8.8CVSS8.8AI score0.00365EPSS
CVE
CVE
added 2018/10/01 8:29 a.m.45 views

CVE-2015-9267

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

5.5CVSS6AI score0.00044EPSS
CVE
CVE
added 2019/12/10 3:15 p.m.45 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HT...

6.1CVSS6.1AI score0.00728EPSS
CVE
CVE
added 2017/11/20 6:29 p.m.45 views

CVE-2017-16899

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

7.1CVSS6.5AI score0.00426EPSS
CVE
CVE
added 2017/12/14 4:29 p.m.45 views

CVE-2017-17515

etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environmen...

8.8CVSS8.6AI score0.00545EPSS
CVE
CVE
added 2018/04/12 4:29 p.m.45 views

CVE-2018-10061

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

5.4CVSS5.4AI score0.00955EPSS
CVE
CVE
added 2018/02/28 7:29 a.m.45 views

CVE-2018-7556

LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.

9.1CVSS9.1AI score0.00304EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.45 views

CVE-2018-7866

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

6.5CVSS6.9AI score0.01407EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.45 views

CVE-2018-7877

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

6.5CVSS6.6AI score0.00544EPSS
CVE
CVE
added 2019/05/05 6:29 a.m.45 views

CVE-2019-11766

dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

9.8CVSS9.5AI score0.00777EPSS
Total number of security vulnerabilities9110