Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2020/07/06 2:15 p.m.47 views

CVE-2020-15569

PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.

5.5CVSS5.6AI score0.002EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.47 views

CVE-2020-36307

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.

6.1CVSS6AI score0.00415EPSS
CVE
CVE
added 2023/08/31 8:15 p.m.47 views

CVE-2023-39355

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing RDPGFX_CMDID_RESETGRAPHICS packets. If context->maxPlaneSize is 0, context->planes...

9.8CVSS8.2AI score0.00277EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.46 views

CVE-1999-0914

Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.

7.2CVSS7.3AI score0.0041EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.46 views

CVE-1999-1330

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

4.6CVSS7AI score0.00097EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.46 views

CVE-2000-0366

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

2.1CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.46 views

CVE-2000-0512

CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.

5CVSS7AI score0.00763EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.46 views

CVE-2000-0888

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

5CVSS6.6AI score0.15771EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.46 views

CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

7.8CVSS7.7AI score0.00083EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.46 views

CVE-2003-0618

Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

2.1CVSS5.8AI score0.00054EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.46 views

CVE-2004-0770

romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.

2.1CVSS6.4AI score0.00064EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.46 views

CVE-2010-4532

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.

5.9CVSS5.7AI score0.00231EPSS
CVE
CVE
added 2019/11/07 11:15 p.m.46 views

CVE-2013-1811

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

4.3CVSS4.8AI score0.00325EPSS
CVE
CVE
added 2013/09/16 7:14 p.m.46 views

CVE-2013-4233

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.

6.8CVSS7.9AI score0.03846EPSS
CVE
CVE
added 2017/10/20 6:29 p.m.46 views

CVE-2013-6049

apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.

7.8CVSS7.8AI score0.00065EPSS
CVE
CVE
added 2013/12/23 10:55 p.m.46 views

CVE-2013-6890

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.

5CVSS6.6AI score0.12171EPSS
CVE
CVE
added 2018/10/01 8:29 a.m.46 views

CVE-2015-9267

Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

5.5CVSS6AI score0.00042EPSS
CVE
CVE
added 2019/12/10 3:15 p.m.46 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HT...

6.1CVSS6.1AI score0.00573EPSS
CVE
CVE
added 2018/07/17 3:29 a.m.46 views

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

7.5CVSS7.5AI score0.00384EPSS
CVE
CVE
added 2018/02/28 7:29 a.m.46 views

CVE-2018-7556

LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.

9.1CVSS9.1AI score0.00304EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.46 views

CVE-2018-7867

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.

6.5CVSS7.2AI score0.00563EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.46 views

CVE-2018-7877

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

6.5CVSS6.6AI score0.00544EPSS
CVE
CVE
added 2019/05/05 6:29 a.m.46 views

CVE-2019-11766

dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.

9.8CVSS9.5AI score0.00777EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.46 views

CVE-2020-36423

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

7.5CVSS7.7AI score0.00101EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.45 views

CVE-1999-0978

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

7.5CVSS7.3AI score0.0083EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.45 views

CVE-2000-0076

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

2.1CVSS6.6AI score0.00099EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.45 views

CVE-2001-0457

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

5CVSS6.6AI score0.00739EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.45 views

CVE-2001-1561

Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.

7.2CVSS7.5AI score0.00219EPSS
CVE
CVE
added 2003/05/17 4:0 a.m.45 views

CVE-2003-0308

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

7.2CVSS6.3AI score0.00061EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.45 views

CVE-2004-0451

Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.

10CVSS7.5AI score0.03657EPSS
CVE
CVE
added 2004/12/06 5:0 a.m.45 views

CVE-2004-0455

Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.

7.2CVSS7.3AI score0.00135EPSS
CVE
CVE
added 2005/02/11 5:0 a.m.45 views

CVE-2004-1180

Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

5CVSS6.3AI score0.00763EPSS
CVE
CVE
added 2018/01/30 8:29 p.m.45 views

CVE-2011-2902

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

6.4CVSS5.2AI score0.00587EPSS
CVE
CVE
added 2019/11/21 2:15 p.m.45 views

CVE-2012-2350

pam_shield before 0.9.4: Default configuration does not perform protective action

7.5CVSS7.5AI score0.00425EPSS
CVE
CVE
added 2016/05/06 5:59 p.m.45 views

CVE-2015-0857

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.

10CVSS9.6AI score0.03116EPSS
CVE
CVE
added 2016/08/31 2:59 p.m.45 views

CVE-2016-7118

fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations...

5.5CVSS5.7AI score0.00052EPSS
CVE
CVE
added 2017/06/11 5:29 p.m.45 views

CVE-2017-9527

The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

7.8CVSS7.9AI score0.00202EPSS
CVE
CVE
added 2018/02/16 4:29 p.m.45 views

CVE-2018-7186

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and pta...

9.8CVSS7.7AI score0.02895EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.45 views

CVE-2018-7873

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.

6.5CVSS7.2AI score0.01383EPSS
CVE
CVE
added 2023/04/06 5:15 a.m.45 views

CVE-2023-29415

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

6.5CVSS6.9AI score0.00116EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.44 views

CVE-2001-0193

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

7.2CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.44 views

CVE-2003-0648

Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.

10CVSS6.9AI score0.01762EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.44 views

CVE-2004-0964

Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.

10CVSS7.5AI score0.85695EPSS
CVE
CVE
added 2006/03/23 11:6 a.m.44 views

CVE-2006-0050

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

1.2CVSS6AI score0.00064EPSS
CVE
CVE
added 2019/11/08 12:15 a.m.44 views

CVE-2008-7291

gri before 2.12.18 generates temporary files in an insecure way.

9.8CVSS9.4AI score0.00432EPSS
CVE
CVE
added 2019/11/12 7:15 p.m.44 views

CVE-2010-3359

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.

4.8CVSS5AI score0.00127EPSS
CVE
CVE
added 2019/11/27 9:15 p.m.44 views

CVE-2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

5.3CVSS5.4AI score0.00165EPSS
CVE
CVE
added 2019/12/20 3:15 p.m.44 views

CVE-2012-6111

gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function

7.5CVSS7.5AI score0.0039EPSS
CVE
CVE
added 2019/11/07 10:15 p.m.44 views

CVE-2013-1429

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

6.3CVSS6.2AI score0.00786EPSS
CVE
CVE
added 2019/12/04 10:15 p.m.44 views

CVE-2013-2745

An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

9.8CVSS9.7AI score0.00387EPSS
Total number of security vulnerabilities9127