Lucene search

K
DebianDebian Linux

9110 matches found

CVE
CVE
added 2000/01/04 5:0 a.m.44 views

CVE-1999-0978

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

7.5CVSS7.3AI score0.0083EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.44 views

CVE-2000-0076

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

2.1CVSS6.6AI score0.00099EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.44 views

CVE-2001-0457

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

5CVSS6.6AI score0.00739EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.44 views

CVE-2001-1561

Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.

7.2CVSS7.5AI score0.00219EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.44 views

CVE-2003-0618

Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

2.1CVSS5.8AI score0.00054EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.44 views

CVE-2004-0451

Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.

10CVSS7.5AI score0.03657EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.44 views

CVE-2004-0455

Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.

7.2CVSS7.3AI score0.00135EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.44 views

CVE-2004-0770

romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.

2.1CVSS6.4AI score0.00064EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.44 views

CVE-2010-4532

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.

5.9CVSS5.7AI score0.00231EPSS
CVE
CVE
added 2019/11/21 2:15 p.m.44 views

CVE-2012-2350

pam_shield before 0.9.4: Default configuration does not perform protective action

7.5CVSS7.5AI score0.00425EPSS
CVE
CVE
added 2013/09/16 7:14 p.m.44 views

CVE-2013-4233

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.

6.8CVSS7.9AI score0.02274EPSS
CVE
CVE
added 2016/05/06 5:59 p.m.44 views

CVE-2015-0857

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.

10CVSS9.6AI score0.01501EPSS
CVE
CVE
added 2016/09/09 2:5 p.m.44 views

CVE-2016-6211

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

8.8CVSS8.3AI score0.01747EPSS
CVE
CVE
added 2016/08/31 2:59 p.m.44 views

CVE-2016-7118

fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations...

5.5CVSS5.7AI score0.00052EPSS
CVE
CVE
added 2017/06/11 5:29 p.m.44 views

CVE-2017-9527

The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

7.8CVSS7.9AI score0.00202EPSS
CVE
CVE
added 2018/07/17 3:29 a.m.44 views

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

7.5CVSS7.5AI score0.00384EPSS
CVE
CVE
added 2018/02/16 4:29 p.m.44 views

CVE-2018-7186

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and pta...

9.8CVSS7.7AI score0.03045EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.44 views

CVE-2018-7867

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.

6.5CVSS7.2AI score0.00563EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.44 views

CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

7.5CVSS7.7AI score0.00077EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.43 views

CVE-2001-0193

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

7.2CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2003/05/17 4:0 a.m.43 views

CVE-2003-0308

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

7.2CVSS6.3AI score0.00061EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.43 views

CVE-2003-0648

Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.

10CVSS6.9AI score0.01762EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.43 views

CVE-2004-0964

Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.

10CVSS7.5AI score0.83984EPSS
CVE
CVE
added 2005/02/11 5:0 a.m.43 views

CVE-2004-1180

Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

5CVSS6.3AI score0.00763EPSS
CVE
CVE
added 2019/11/08 12:15 a.m.43 views

CVE-2008-7291

gri before 2.12.18 generates temporary files in an insecure way.

9.8CVSS9.4AI score0.00432EPSS
CVE
CVE
added 2019/11/12 7:15 p.m.43 views

CVE-2010-3359

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.

4.8CVSS5AI score0.00127EPSS
CVE
CVE
added 2018/01/30 8:29 p.m.43 views

CVE-2011-2902

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

6.4CVSS5.2AI score0.00587EPSS
CVE
CVE
added 2013/11/05 9:55 p.m.43 views

CVE-2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS6.1AI score0.00283EPSS
CVE
CVE
added 2018/07/16 2:29 p.m.43 views

CVE-2014-2079

X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.

5.5CVSS5.6AI score0.00085EPSS
CVE
CVE
added 2014/12/16 6:59 p.m.43 views

CVE-2014-9057

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.3AI score0.00356EPSS
CVE
CVE
added 2018/11/30 10:29 a.m.43 views

CVE-2018-19777

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

5.5CVSS5.6AI score0.00282EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.43 views

CVE-2018-7873

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.

6.5CVSS7.2AI score0.01383EPSS
CVE
CVE
added 2020/07/01 11:15 a.m.43 views

CVE-2020-15476

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.

7.5CVSS7.4AI score0.00221EPSS
CVE
CVE
added 2023/02/22 7:15 a.m.43 views

CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

8.8CVSS8.9AI score0.00529EPSS
CVE
CVE
added 2023/04/06 5:15 a.m.43 views

CVE-2023-29415

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

6.5CVSS6.9AI score0.00116EPSS
CVE
CVE
added 2023/05/09 2:15 p.m.43 views

CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination....

7.5CVSS7.3AI score0.00865EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.43 views

CVE-2023-39949

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9...

7.5CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.42 views

CVE-1999-0939

Denial of service in Debian IRC Epic/epic4 client via a long string.

5CVSS6.9AI score0.0052EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.42 views

CVE-1999-1182

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

7.2CVSS7.7AI score0.00068EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.42 views

CVE-2000-1135

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

4.6CVSS6.6AI score0.00066EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.42 views

CVE-2001-0235

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

2.1CVSS6AI score0.00102EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.42 views

CVE-2001-0763

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

7.5CVSS7.9AI score0.25353EPSS
CVE
CVE
added 2006/03/23 11:6 a.m.42 views

CVE-2006-0050

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

1.2CVSS6AI score0.00064EPSS
CVE
CVE
added 2019/11/07 10:15 p.m.42 views

CVE-2007-5743

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

7.5CVSS7.4AI score0.00346EPSS
CVE
CVE
added 2019/10/31 4:15 p.m.42 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks

9.8CVSS9.3AI score0.00432EPSS
CVE
CVE
added 2019/12/20 3:15 p.m.42 views

CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function

7.5CVSS7.5AI score0.0039EPSS
CVE
CVE
added 2019/12/05 5:15 p.m.42 views

CVE-2013-0326

OpenStack nova base images permissions are world readable

5.5CVSS5.5AI score0.00112EPSS
CVE
CVE
added 2019/11/07 10:15 p.m.42 views

CVE-2013-1429

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

6.3CVSS6.2AI score0.00786EPSS
CVE
CVE
added 2019/12/04 10:15 p.m.42 views

CVE-2013-2745

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

9.8CVSS9.7AI score0.00387EPSS
CVE
CVE
added 2020/07/01 11:15 a.m.42 views

CVE-2020-15472

In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.

9.1CVSS9.1AI score0.0029EPSS
Total number of security vulnerabilities9110