Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2019/11/06 3:15 p.m.49 views

CVE-2011-4625

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

7.5CVSS7.4AI score0.00274EPSS
CVE
CVE
added 2013/11/05 9:55 p.m.49 views

CVE-2013-4134

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

4.3CVSS6.4AI score0.00152EPSS
CVE
CVE
added 2019/11/22 3:15 p.m.49 views

CVE-2015-5694

Designate does not enforce the DNS protocol limit concerning record set sizes

6.5CVSS6.4AI score0.0094EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.49 views

CVE-2015-5727

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.

7.8CVSS8.1AI score0.00607EPSS
CVE
CVE
added 2015/09/02 10:59 a.m.49 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

4CVSS6AI score0.00625EPSS
CVE
CVE
added 2016/04/12 2:59 p.m.49 views

CVE-2015-8702

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.

8.6CVSS8AI score0.00756EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.49 views

CVE-2016-2849

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

7.5CVSS7.3AI score0.00583EPSS
CVE
CVE
added 2017/10/28 9:29 p.m.49 views

CVE-2017-15954

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.

5.5CVSS5.4AI score0.00308EPSS
CVE
CVE
added 2017/06/28 6:29 a.m.49 views

CVE-2017-9989

util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.

6.5CVSS6.9AI score0.00625EPSS
CVE
CVE
added 2018/07/02 2:29 p.m.49 views

CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HO...

8.1CVSS7.8AI score0.00364EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.49 views

CVE-2018-7440

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.

9.8CVSS7.1AI score0.0166EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.49 views

CVE-2018-7876

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.7AI score0.01379EPSS
CVE
CVE
added 2019/04/28 4:29 p.m.49 views

CVE-2019-11579

dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

5.3CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2020/07/06 2:15 p.m.49 views

CVE-2020-15569

PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.

5.5CVSS5.6AI score0.002EPSS
CVE
CVE
added 2020/07/27 7:15 a.m.49 views

CVE-2020-15954

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

6.5CVSS6.2AI score0.00142EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.49 views

CVE-2020-36426

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

7.5CVSS7.5AI score0.00225EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.48 views

CVE-1999-1496

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

2.1CVSS7AI score0.00089EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.48 views

CVE-2000-0513

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

5CVSS7.1AI score0.00763EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.48 views

CVE-2001-0138

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2002/11/04 5:0 a.m.48 views

CVE-2002-1235

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, doe...

10CVSS7.7AI score0.32917EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.48 views

CVE-2003-0360

Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.

7.5CVSS7.4AI score0.0092EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.48 views

CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.

2.1CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.48 views

CVE-2005-0076

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.

7.2CVSS7.1AI score0.00057EPSS
CVE
CVE
added 2006/12/18 2:28 a.m.48 views

CVE-2006-6614

The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to o...

1.9CVSS6.8AI score0.00069EPSS
CVE
CVE
added 2011/01/14 5:0 p.m.48 views

CVE-2011-0474

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a ...

10CVSS7.3AI score0.02875EPSS
CVE
CVE
added 2019/11/19 4:15 p.m.48 views

CVE-2012-0843

uzbl: Information disclosure via world-readable cookies storage file

5.5CVSS5.2AI score0.00146EPSS
CVE
CVE
added 2020/03/10 5:15 p.m.48 views

CVE-2012-1096

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

5.5CVSS5.4AI score0.00352EPSS
CVE
CVE
added 2019/10/31 7:15 p.m.48 views

CVE-2013-1910

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

9.8CVSS9.2AI score0.00854EPSS
CVE
CVE
added 2019/11/05 3:15 p.m.48 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS
CVE
CVE
added 2015/01/09 6:59 p.m.48 views

CVE-2014-9271

Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.

5.4CVSS5AI score0.00833EPSS
CVE
CVE
added 2015/05/14 2:59 p.m.48 views

CVE-2015-0971

The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.

5CVSS6.3AI score0.00392EPSS
CVE
CVE
added 2017/04/13 2:59 p.m.48 views

CVE-2015-6674

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.

9.8CVSS9.3AI score0.07419EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.48 views

CVE-2015-7827

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

7.5CVSS7.4AI score0.00435EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.48 views

CVE-2016-2054

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.

9.8CVSS9.6AI score0.04093EPSS
CVE
CVE
added 2016/07/26 5:59 p.m.48 views

CVE-2016-3992

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

6.2CVSS6.1AI score0.00059EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.48 views

CVE-2017-0368

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

5.3CVSS5.4AI score0.00258EPSS
CVE
CVE
added 2017/05/17 2:29 p.m.48 views

CVE-2017-8849

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

7.8CVSS7.4AI score0.00242EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.48 views

CVE-2018-1000041

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via...

8.8CVSS8.4AI score0.00456EPSS
CVE
CVE
added 2018/04/12 4:29 p.m.48 views

CVE-2018-10061

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

5.4CVSS5.4AI score0.00955EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.48 views

CVE-2018-7553

There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.7AI score0.00559EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.48 views

CVE-2018-7868

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

6.5CVSS7.1AI score0.00571EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.48 views

CVE-2018-7871

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.

8.8CVSS8.7AI score0.00529EPSS
CVE
CVE
added 2022/06/07 6:15 p.m.48 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling.

9CVSS8.6AI score0.00446EPSS
CVE
CVE
added 2023/08/31 8:15 p.m.48 views

CVE-2023-39355

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing RDPGFX_CMDID_RESETGRAPHICS packets. If context->maxPlaneSize is 0, context->planes...

9.8CVSS8.2AI score0.00277EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.47 views

CVE-1999-0804

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

5CVSS7AI score0.03718EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.47 views

CVE-1999-0914

Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.

7.2CVSS7.3AI score0.0041EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.47 views

CVE-2000-0888

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

5CVSS6.6AI score0.15771EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.47 views

CVE-2001-0233

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

10CVSS7.8AI score0.14821EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.47 views

CVE-2003-0618

Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

2.1CVSS5.8AI score0.00054EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.47 views

CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

5CVSS6.2AI score0.01288EPSS
Total number of security vulnerabilities9134