Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2005/04/14 4:0 a.m.47 views

CVE-2004-1093

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

5CVSS6.3AI score0.0106EPSS
CVE
CVE
added 2019/11/20 4:15 p.m.47 views

CVE-2011-0529

Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

7.5CVSS7.4AI score0.00447EPSS
CVE
CVE
added 2013/12/07 9:55 p.m.47 views

CVE-2013-0858

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

9.3CVSS6.7AI score0.01154EPSS
CVE
CVE
added 2019/12/03 2:15 p.m.47 views

CVE-2013-2106

webauth before 4.6.1 has authentication credential disclosure

7.5CVSS7.5AI score0.00397EPSS
CVE
CVE
added 2013/09/16 7:14 p.m.47 views

CVE-2013-4233

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.

6.8CVSS7.9AI score0.03846EPSS
CVE
CVE
added 2017/09/20 6:29 p.m.47 views

CVE-2015-5395

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

8.8CVSS8.8AI score0.00365EPSS
CVE
CVE
added 2018/10/01 8:29 a.m.47 views

CVE-2015-9267

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

5.5CVSS6AI score0.00042EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.47 views

CVE-2016-3993

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.

7.5CVSS7.9AI score0.01098EPSS
CVE
CVE
added 2016/05/10 7:59 p.m.47 views

CVE-2016-4561

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

6.1CVSS5.9AI score0.00296EPSS
CVE
CVE
added 2016/09/09 2:5 p.m.47 views

CVE-2016-6211

The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.

8.8CVSS8.3AI score0.01181EPSS
CVE
CVE
added 2016/09/21 2:25 p.m.47 views

CVE-2016-7143

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

8.1CVSS7.6AI score0.01006EPSS
CVE
CVE
added 2017/11/20 6:29 p.m.47 views

CVE-2017-16899

An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

7.1CVSS6.5AI score0.00426EPSS
CVE
CVE
added 2018/07/17 3:29 a.m.47 views

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

7.5CVSS7.5AI score0.00384EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.47 views

CVE-2018-7866

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

6.5CVSS6.9AI score0.01407EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.47 views

CVE-2018-7877

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

6.5CVSS6.6AI score0.00544EPSS
CVE
CVE
added 2018/03/25 3:29 a.m.47 views

CVE-2018-9009

In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.

8.8CVSS8.4AI score0.00658EPSS
CVE
CVE
added 2019/05/05 6:29 a.m.47 views

CVE-2019-11766

dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

9.8CVSS9.5AI score0.00777EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.47 views

CVE-2020-36307

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.

6.1CVSS6AI score0.00415EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.47 views

CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

7.5CVSS7.7AI score0.00202EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.47 views

CVE-2023-39949

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9...

7.5CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.46 views

CVE-1999-1330

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

4.6CVSS7AI score0.00097EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.46 views

CVE-2000-0366

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

2.1CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.46 views

CVE-2000-0512

CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.

5CVSS7AI score0.00763EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.46 views

CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

7.8CVSS7.7AI score0.00083EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.46 views

CVE-2004-0770

romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.

2.1CVSS6.4AI score0.00064EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.46 views

CVE-2010-4532

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.

5.9CVSS5.7AI score0.00231EPSS
CVE
CVE
added 2018/01/30 8:29 p.m.46 views

CVE-2011-2902

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

6.4CVSS5.2AI score0.00587EPSS
CVE
CVE
added 2019/11/07 11:15 p.m.46 views

CVE-2013-1811

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

4.3CVSS4.8AI score0.00325EPSS
CVE
CVE
added 2019/12/04 10:15 p.m.46 views

CVE-2013-2745

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

9.8CVSS9.7AI score0.00387EPSS
CVE
CVE
added 2017/10/20 6:29 p.m.46 views

CVE-2013-6049

apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.

7.8CVSS7.8AI score0.00065EPSS
CVE
CVE
added 2013/12/23 10:55 p.m.46 views

CVE-2013-6890

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.

5CVSS6.6AI score0.12171EPSS
CVE
CVE
added 2019/12/10 3:15 p.m.46 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HT...

6.1CVSS6.1AI score0.00573EPSS
CVE
CVE
added 2016/08/31 2:59 p.m.46 views

CVE-2016-7118

fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations...

5.5CVSS5.7AI score0.00052EPSS
CVE
CVE
added 2017/06/11 5:29 p.m.46 views

CVE-2017-9527

The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

7.8CVSS7.9AI score0.00202EPSS
CVE
CVE
added 2018/02/28 7:29 a.m.46 views

CVE-2018-7556

LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.

9.1CVSS9.1AI score0.00289EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.46 views

CVE-2018-7867

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.

6.5CVSS7.2AI score0.00563EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.45 views

CVE-1999-0978

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

7.5CVSS7.3AI score0.0083EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.45 views

CVE-2000-0076

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

2.1CVSS6.6AI score0.00099EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.45 views

CVE-2001-0457

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

5CVSS6.6AI score0.00739EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.45 views

CVE-2001-1561

Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.

7.2CVSS7.5AI score0.00219EPSS
CVE
CVE
added 2003/05/17 4:0 a.m.45 views

CVE-2003-0308

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

7.2CVSS6.3AI score0.00061EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.45 views

CVE-2004-0451

Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.

10CVSS7.5AI score0.03657EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.45 views

CVE-2004-0455

Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.

7.2CVSS7.3AI score0.00135EPSS
CVE
CVE
added 2005/02/11 5:0 a.m.45 views

CVE-2004-1180

Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

5CVSS6.3AI score0.00763EPSS
CVE
CVE
added 2006/03/23 11:6 a.m.45 views

CVE-2006-0050

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

1.2CVSS6AI score0.00064EPSS
CVE
CVE
added 2019/11/08 12:15 a.m.45 views

CVE-2008-7291

gri before 2.12.18 generates temporary files in an insecure way.

9.8CVSS9.4AI score0.00432EPSS
CVE
CVE
added 2019/11/21 2:15 p.m.45 views

CVE-2012-2350

pam_shield before 0.9.4: Default configuration does not perform protective action

7.5CVSS7.5AI score0.00425EPSS
CVE
CVE
added 2019/12/20 3:15 p.m.45 views

CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function

7.5CVSS7.5AI score0.0039EPSS
CVE
CVE
added 2018/07/16 2:29 p.m.45 views

CVE-2014-2079

X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.

5.5CVSS5.6AI score0.00068EPSS
Web
CVE
CVE
added 2016/05/06 5:59 p.m.45 views

CVE-2015-0857

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.

10CVSS9.6AI score0.03116EPSS
Total number of security vulnerabilities9134