Lucene search

K
DebianDebian Linux

9127 matches found

CVE
CVE
added 2013/11/05 9:55 p.m.44 views

CVE-2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS6.1AI score0.00283EPSS
CVE
CVE
added 2018/07/16 2:29 p.m.44 views

CVE-2014-2079

X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.

5.5CVSS5.6AI score0.00068EPSS
CVE
CVE
added 2014/12/16 6:59 p.m.44 views

CVE-2014-9057

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.3AI score0.00356EPSS
CVE
CVE
added 2017/12/14 4:29 p.m.44 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER en...

8.8CVSS8.4AI score0.0056EPSS
CVE
CVE
added 2018/11/30 10:29 a.m.44 views

CVE-2018-19777

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

5.5CVSS5.6AI score0.00282EPSS
CVE
CVE
added 2020/07/01 11:15 a.m.44 views

CVE-2020-15472

In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.

9.1CVSS9.1AI score0.00599EPSS
CVE
CVE
added 2020/07/01 11:15 a.m.44 views

CVE-2020-15476

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.

7.5CVSS7.4AI score0.01026EPSS
CVE
CVE
added 2023/02/22 7:15 a.m.44 views

CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

8.8CVSS8.9AI score0.00529EPSS
CVE
CVE
added 2023/05/09 2:15 p.m.44 views

CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination....

7.5CVSS7.3AI score0.00865EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.44 views

CVE-2023-39947

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed PID_PROPERTY_LIST parameters cause heap overflow at a different program counter. Th...

8.2CVSS7.8AI score0.00081EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.44 views

CVE-2023-39949

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9...

7.5CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.43 views

CVE-1999-0939

Denial of service in Debian IRC Epic/epic4 client via a long string.

5CVSS6.9AI score0.0052EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.43 views

CVE-1999-1182

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

7.2CVSS7.7AI score0.00068EPSS
CVE
CVE
added 2000/07/19 4:0 a.m.43 views

CVE-2000-0607

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

7.2CVSS7.3AI score0.00111EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.43 views

CVE-2000-1135

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

4.6CVSS6.6AI score0.00066EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.43 views

CVE-2001-0235

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

2.1CVSS6AI score0.00102EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.43 views

CVE-2001-0763

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

7.5CVSS7.9AI score0.25353EPSS
CVE
CVE
added 2019/11/07 10:15 p.m.43 views

CVE-2007-5743

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

7.5CVSS7.4AI score0.00346EPSS
CVE
CVE
added 2019/10/31 4:15 p.m.43 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks

9.8CVSS9.3AI score0.00432EPSS
CVE
CVE
added 2019/12/05 5:15 p.m.43 views

CVE-2013-0326

OpenStack nova base images permissions are world readable

5.5CVSS5.5AI score0.00112EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.42 views

CVE-2000-0584

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

10CVSS7.9AI score0.05328EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.42 views

CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

3.6CVSS6.5AI score0.00261EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.42 views

CVE-2002-0401

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

7.5CVSS7.9AI score0.05817EPSS
CVE
CVE
added 2019/11/06 3:15 a.m.42 views

CVE-2006-4245

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

8.1CVSS7.9AI score0.00335EPSS
CVE
CVE
added 2019/11/27 6:15 p.m.42 views

CVE-2012-2248

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

9.3CVSS7.9AI score0.0244EPSS
CVE
CVE
added 2019/11/13 4:15 p.m.42 views

CVE-2012-4384

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar

6.1CVSS5.9AI score0.0045EPSS
CVE
CVE
added 2025/06/26 9:15 p.m.42 views

CVE-2014-7210

pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backendsare not affected.

9.8CVSS6.4AI score0.00067EPSS
CVE
CVE
added 2018/02/26 3:29 p.m.42 views

CVE-2018-7487

There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact.

7.8CVSS8.9AI score0.00198EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.42 views

CVE-2018-7551

There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.5AI score0.00597EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.42 views

CVE-2018-7554

There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.5AI score0.00597EPSS
CVE
CVE
added 2022/01/01 9:15 p.m.42 views

CVE-2021-45972

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.

7.1CVSS7AI score0.00258EPSS
CVE
CVE
added 2001/10/18 4:0 a.m.41 views

CVE-2001-0755

Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command.

7.5CVSS8.2AI score0.00873EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.41 views

CVE-2003-0440

The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6CVSS6.1AI score0.00061EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.41 views

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

4.6CVSS6.5AI score0.00074EPSS
CVE
CVE
added 2006/03/31 11:6 a.m.41 views

CVE-2006-1565

Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.

4.6CVSS6.6AI score0.00117EPSS
CVE
CVE
added 2019/11/07 9:15 p.m.41 views

CVE-2010-2450

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable b...

7.5CVSS7.4AI score0.00163EPSS
CVE
CVE
added 2019/11/14 2:15 a.m.41 views

CVE-2011-1588

Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.

7.8CVSS7.5AI score0.0032EPSS
CVE
CVE
added 2019/11/27 7:15 p.m.41 views

CVE-2011-2207

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

5.3CVSS5.3AI score0.01445EPSS
CVE
CVE
added 2019/11/12 3:15 p.m.41 views

CVE-2011-3618

atop: symlink attack possible due to insecure tempfile handling

7.8CVSS7.5AI score0.00107EPSS
CVE
CVE
added 2018/04/20 8:29 p.m.41 views

CVE-2014-10073

The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.

7.5CVSS7.4AI score0.00353EPSS
CVE
CVE
added 2023/02/09 10:15 p.m.41 views

CVE-2023-0770

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.41 views

CVE-2023-39534

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue...

7.5CVSS7.4AI score0.00068EPSS
CVE
CVE
added 2023/08/11 2:15 p.m.41 views

CVE-2023-39946

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of ac...

8.2CVSS7.6AI score0.00068EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.40 views

CVE-1999-0341

Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.

7.2CVSS7.6AI score0.00063EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.40 views

CVE-2001-0069

dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.

2.1CVSS6.7AI score0.00109EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.40 views

CVE-2001-1331

mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.

1.2CVSS6.5AI score0.00066EPSS
CVE
CVE
added 2019/11/14 1:15 a.m.40 views

CVE-2011-1136

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

6.3CVSS4.8AI score0.00256EPSS
CVE
CVE
added 2018/06/20 6:29 p.m.40 views

CVE-2018-12601

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

9.8CVSS9.7AI score0.00569EPSS
CVE
CVE
added 2018/02/28 6:29 a.m.40 views

CVE-2018-7552

There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

9.8CVSS9.5AI score0.00597EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.39 views

CVE-1999-1390

suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.

7.2CVSS7.4AI score0.00148EPSS
Total number of security vulnerabilities9127