Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2001/05/07 4:0 a.m.48 views

CVE-2001-0138

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

1.2CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2002/11/04 5:0 a.m.48 views

CVE-2002-1235

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, doe...

10CVSS7.7AI score0.32917EPSS
CVE
CVE
added 2003/06/09 4:0 a.m.48 views

CVE-2003-0360

Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.

7.5CVSS7.4AI score0.0092EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.48 views

CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

6.8CVSS7.1AI score0.07826EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.48 views

CVE-2005-0076

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.

7.2CVSS7.1AI score0.00057EPSS
CVE
CVE
added 2006/12/18 2:28 a.m.48 views

CVE-2006-6614

The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to o...

1.9CVSS6.8AI score0.00069EPSS
CVE
CVE
added 2019/11/07 11:15 p.m.48 views

CVE-2007-6745

clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

9.8CVSS9.4AI score0.00651EPSS
CVE
CVE
added 2019/11/12 9:15 p.m.48 views

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

6.5CVSS6.4AI score0.00152EPSS
CVE
CVE
added 2011/01/14 5:0 p.m.48 views

CVE-2011-0474

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a ...

10CVSS7.3AI score0.02875EPSS
CVE
CVE
added 2019/11/19 4:15 p.m.48 views

CVE-2012-0843

uzbl: Information disclosure via world-readable cookies storage file

5.5CVSS5.2AI score0.00146EPSS
CVE
CVE
added 2020/03/10 5:15 p.m.48 views

CVE-2012-1096

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

5.5CVSS5.4AI score0.00352EPSS
CVE
CVE
added 2019/10/31 7:15 p.m.48 views

CVE-2013-1910

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

9.8CVSS9.2AI score0.00854EPSS
CVE
CVE
added 2013/11/05 9:55 p.m.48 views

CVE-2013-4134

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

4.3CVSS6.4AI score0.00152EPSS
CVE
CVE
added 2019/11/05 3:15 p.m.48 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS
CVE
CVE
added 2015/01/09 6:59 p.m.48 views

CVE-2014-9271

Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.

5.4CVSS5AI score0.00833EPSS
CVE
CVE
added 2015/05/14 2:59 p.m.48 views

CVE-2015-0971

The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.

5CVSS6.3AI score0.00255EPSS
CVE
CVE
added 2015/09/02 10:59 a.m.48 views

CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

4CVSS6AI score0.00625EPSS
CVE
CVE
added 2017/04/13 2:59 p.m.48 views

CVE-2015-6674

Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.

9.8CVSS9.3AI score0.07419EPSS
CVE
CVE
added 2016/05/13 2:59 p.m.48 views

CVE-2015-7827

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

7.5CVSS7.4AI score0.00435EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.48 views

CVE-2017-0368

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.

5.3CVSS5.4AI score0.00258EPSS
CVE
CVE
added 2017/05/17 2:29 p.m.48 views

CVE-2017-8849

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

7.8CVSS7.4AI score0.00242EPSS
Web
CVE
CVE
added 2018/02/09 11:29 p.m.48 views

CVE-2018-1000041

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via...

8.8CVSS8.4AI score0.00456EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.48 views

CVE-2018-7553

There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.7AI score0.00589EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.48 views

CVE-2018-7868

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

6.5CVSS7.1AI score0.00571EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.48 views

CVE-2018-7871

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.

8.8CVSS8.7AI score0.00558EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.48 views

CVE-2018-7876

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.7AI score0.01379EPSS
CVE
CVE
added 2019/04/28 4:29 p.m.48 views

CVE-2019-11579

dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

5.3CVSS5.2AI score0.00473EPSS
CVE
CVE
added 2022/06/07 6:15 p.m.48 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling.

9CVSS8.6AI score0.00446EPSS
CVE
CVE
added 2020/07/27 7:15 a.m.48 views

CVE-2020-15954

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

6.5CVSS6.2AI score0.00142EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.48 views

CVE-2020-36426

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

7.5CVSS7.5AI score0.00225EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.47 views

CVE-1999-0804

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

5CVSS7AI score0.03718EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.47 views

CVE-2001-0233

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

10CVSS7.8AI score0.14821EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.47 views

CVE-2004-1009

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

5CVSS6.2AI score0.01288EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.47 views

CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5CVSS6.3AI score0.0106EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.47 views

CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.

2.1CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2019/11/20 4:15 p.m.47 views

CVE-2011-0529

Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

7.5CVSS7.4AI score0.00447EPSS
CVE
CVE
added 2019/11/20 3:15 p.m.47 views

CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

9.8CVSS9.7AI score0.00517EPSS
CVE
CVE
added 2013/12/07 9:55 p.m.47 views

CVE-2013-0858

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

9.3CVSS6.7AI score0.01154EPSS
CVE
CVE
added 2019/12/03 2:15 p.m.47 views

CVE-2013-2106

webauth before 4.6.1 has authentication credential disclosure

7.5CVSS7.5AI score0.00397EPSS
CVE
CVE
added 2017/09/20 6:29 p.m.47 views

CVE-2015-5395

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

8.8CVSS8.8AI score0.00365EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.47 views

CVE-2016-2054

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.

9.8CVSS9.6AI score0.04093EPSS
CVE
CVE
added 2016/07/26 5:59 p.m.47 views

CVE-2016-3992

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

6.2CVSS6.1AI score0.00059EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.47 views

CVE-2016-3993

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.

7.5CVSS7.9AI score0.01098EPSS
CVE
CVE
added 2016/05/10 7:59 p.m.47 views

CVE-2016-4561

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

6.1CVSS5.9AI score0.00296EPSS
CVE
CVE
added 2016/09/09 2:5 p.m.47 views

CVE-2016-6211

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

8.8CVSS8.3AI score0.01181EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.47 views

CVE-2016-7143

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

8.1CVSS7.6AI score0.01006EPSS
CVE
CVE
added 2017/11/20 6:29 p.m.47 views

CVE-2017-16899

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

7.1CVSS6.5AI score0.00426EPSS
CVE
CVE
added 2018/04/12 4:29 p.m.47 views

CVE-2018-10061

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

5.4CVSS5.4AI score0.00955EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.47 views

CVE-2018-7866

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

6.5CVSS6.9AI score0.01407EPSS
CVE
CVE
added 2018/03/25 3:29 a.m.47 views

CVE-2018-9009

In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.

8.8CVSS8.4AI score0.00658EPSS
Total number of security vulnerabilities9127