Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2018/02/16 4:29 p.m.45 views

CVE-2018-7186

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and pta...

9.8CVSS7.7AI score0.02895EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.45 views

CVE-2018-7873

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.

6.5CVSS7.2AI score0.01383EPSS
CVE
CVE
added 2020/07/01 11:15 a.m.45 views

CVE-2020-15472

In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.

9.1CVSS9.1AI score0.00657EPSS
CVE
CVE
added 2020/07/01 11:15 a.m.45 views

CVE-2020-15476

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.

7.5CVSS7.4AI score0.01065EPSS
CVE
CVE
added 2023/04/06 5:15 a.m.45 views

CVE-2023-29415

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

6.5CVSS6.9AI score0.00116EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.45 views

CVE-2023-39947

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed PID_PROPERTY_LIST parameters cause heap overflow at a different program counter. Th...

8.2CVSS7.8AI score0.00081EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.44 views

CVE-1999-0939

Denial of service in Debian IRC Epic/epic4 client via a long string.

5CVSS6.9AI score0.0052EPSS
CVE
CVE
added 2000/07/19 4:0 a.m.44 views

CVE-2000-0607

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

7.2CVSS7.3AI score0.00111EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.44 views

CVE-2001-0193

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

7.2CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.44 views

CVE-2001-0763

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

7.5CVSS7.9AI score0.25353EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.44 views

CVE-2003-0648

Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.

10CVSS6.9AI score0.01762EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.44 views

CVE-2004-0964

Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.

10CVSS7.5AI score0.85695EPSS
CVE
CVE
added 2019/11/12 7:15 p.m.44 views

CVE-2010-3359

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.

4.8CVSS5AI score0.00127EPSS
CVE
CVE
added 2019/11/27 9:15 p.m.44 views

CVE-2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

5.3CVSS5.4AI score0.00165EPSS
CVE
CVE
added 2019/12/05 5:15 p.m.44 views

CVE-2013-0326

OpenStack nova base images permissions are world readable

5.5CVSS5.5AI score0.00112EPSS
CVE
CVE
added 2019/11/07 10:15 p.m.44 views

CVE-2013-1429

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

6.3CVSS6.2AI score0.00786EPSS
CVE
CVE
added 2013/11/05 9:55 p.m.44 views

CVE-2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS6.1AI score0.00283EPSS
CVE
CVE
added 2014/12/16 6:59 p.m.44 views

CVE-2014-9057

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.3AI score0.00356EPSS
CVE
CVE
added 2017/12/14 4:29 p.m.44 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER en...

8.8CVSS8.4AI score0.0056EPSS
CVE
CVE
added 2018/11/30 10:29 a.m.44 views

CVE-2018-19777

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

5.5CVSS5.6AI score0.00277EPSS
CVE
CVE
added 2023/02/22 7:15 a.m.44 views

CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

8.8CVSS8.9AI score0.00529EPSS
CVE
CVE
added 2023/05/09 2:15 p.m.44 views

CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination....

7.5CVSS7.3AI score0.00865EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.43 views

CVE-1999-1182

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

7.2CVSS7.7AI score0.00068EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.43 views

CVE-2000-1135

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

4.6CVSS6.6AI score0.00066EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.43 views

CVE-2001-0235

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

2.1CVSS6AI score0.00102EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.43 views

CVE-2002-0401

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

7.5CVSS7.9AI score0.05817EPSS
CVE
CVE
added 2019/11/07 10:15 p.m.43 views

CVE-2007-5743

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

7.5CVSS7.4AI score0.00346EPSS
CVE
CVE
added 2019/10/31 4:15 p.m.43 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks

9.8CVSS9.3AI score0.00432EPSS
CVE
CVE
added 2019/11/13 4:15 p.m.43 views

CVE-2012-4384

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar

6.1CVSS5.9AI score0.0045EPSS
CVE
CVE
added 2022/01/01 9:15 p.m.43 views

CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.

7.1CVSS7AI score0.00258EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.43 views

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of ac...

8.2CVSS7.6AI score0.00066EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.42 views

CVE-2000-0584

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

10CVSS7.9AI score0.05328EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.42 views

CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

3.6CVSS6.5AI score0.00261EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.42 views

CVE-2003-0440

The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6CVSS6.1AI score0.00061EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.42 views

CVE-2006-1565

Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.

4.6CVSS6.6AI score0.00117EPSS
CVE
CVE
added 2019/11/06 3:15 a.m.42 views

CVE-2006-4245

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

8.1CVSS7.9AI score0.00335EPSS
CVE
CVE
added 2019/11/27 6:15 p.m.42 views

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

9.3CVSS7.9AI score0.0244EPSS
CVE
CVE
added 2025/06/26 9:15 p.m.42 views

CVE-2014-7210

pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backendsare not affected.

9.8CVSS6.4AI score0.00067EPSS
CVE
CVE
added 2018/02/26 3:29 p.m.42 views

CVE-2018-7487

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.

7.8CVSS8.9AI score0.00198EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.42 views

CVE-2018-7551

There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.5AI score0.00567EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.42 views

CVE-2018-7554

There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.5AI score0.00567EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.42 views

CVE-2023-39534

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue...

7.5CVSS7.4AI score0.00068EPSS
CVE
CVE
added 2001/10/18 4:0 a.m.41 views

CVE-2001-0755

Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command.

7.5CVSS8.2AI score0.00873EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.41 views

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

4.6CVSS6.5AI score0.00074EPSS
CVE
CVE
added 2019/11/07 9:15 p.m.41 views

CVE-2010-2450

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable b...

7.5CVSS7.4AI score0.00163EPSS
CVE
CVE
added 2019/11/14 1:15 a.m.41 views

CVE-2011-1136

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

6.3CVSS4.8AI score0.00256EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.41 views

CVE-2011-1588

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

7.8CVSS7.5AI score0.0032EPSS
CVE
CVE
added 2019/11/27 7:15 p.m.41 views

CVE-2011-2207

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

5.3CVSS5.3AI score0.01445EPSS
CVE
CVE
added 2019/11/12 3:15 p.m.41 views

CVE-2011-3618

atop: symlink attack possible due to insecure tempfile handling

7.8CVSS7.5AI score0.00107EPSS
CVE
CVE
added 2018/04/20 8:29 p.m.41 views

CVE-2014-10073

The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.

7.5CVSS7.4AI score0.00353EPSS
Total number of security vulnerabilities9134