Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
DebianDebian Linux

9110 matches found

CVE
CVEadded 2020/02/11 1:15 p.m.344 views

CVE-2018-14553

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

7.5CVSS7.3AI score0.00646EPSS
CVE
CVEadded 2018/10/17 1:31 a.m.344 views

CVE-2018-3180

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS5.8AI score0.00087EPSS
CVE
CVEadded 2019/10/12 9:15 p.m.344 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an a...

9.8CVSS9.2AI score0.0119EPSS
CVE
CVEadded 2020/02/06 1:15 a.m.344 views

CVE-2020-8649

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

5.9CVSS6.2AI score0.00094EPSS
CVE
CVEadded 2023/09/05 10:15 p.m.344 views

CVE-2023-4762

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.11497EPSS
CVE
CVEadded 2020/02/04 9:15 p.m.342 views

CVE-2019-12528

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

7.5CVSS7.6AI score0.20521EPSS
CVE
CVEadded 2019/11/26 5:15 p.m.342 views

CVE-2019-18676

An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote clie...

7.5CVSS8.4AI score0.01854EPSS
CVE
CVEadded 2019/11/19 10:15 p.m.342 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR...

3.3CVSS4.8AI score0.00016EPSS
CVE
CVEadded 2020/10/21 3:15 p.m.342 views

CVE-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

4.3CVSS3.5AI score0.00117EPSS
CVE
CVEadded 2021/03/17 3:15 p.m.342 views

CVE-2021-28660

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system inte...

8.8CVSS7.6AI score0.00093EPSS
CVE
CVEadded 2021/05/12 11:15 p.m.341 views

CVE-2021-23134

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

7.8CVSS7.5AI score0.00018EPSS
CVE
CVEadded 2016/07/04 10:59 p.m.340 views

CVE-2016-3092

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

7.8CVSS7.5AI score0.44747EPSS
CVE
CVEadded 2019/11/18 6:15 a.m.340 views

CVE-2019-19062

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

4.7CVSS6.5AI score0.00087EPSS
CVE
CVEadded 2021/01/05 5:15 a.m.340 views

CVE-2020-36158

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.

8.8CVSS7.7AI score0.00579EPSS
CVE
CVEadded 2020/11/04 6:15 p.m.340 views

CVE-2020-8037

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

7.5CVSS7.5AI score0.00212EPSS
CVE
CVEadded 2021/07/20 3:15 p.m.340 views

CVE-2021-3246

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.

8.8CVSS8.9AI score0.01201EPSS
CVE
CVEadded 2021/07/13 5:15 p.m.340 views

CVE-2021-34552

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

9.8CVSS9.6AI score0.0032EPSS
CVE
CVEadded 2021/10/20 11:16 a.m.340 views

CVE-2021-35550

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attac...

7.1CVSS5.8AI score0.00093EPSS
CVE
CVEadded 2022/07/20 6:15 a.m.340 views

CVE-2021-46828

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

7.5CVSS7.3AI score0.0032EPSS
CVE
CVEadded 2017/03/28 1:59 a.m.339 views

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1...

7.8CVSS7.5AI score0.00086EPSS
CVE
CVEadded 2019/12/24 12:15 a.m.339 views

CVE-2019-19947

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

4.6CVSS5.1AI score0.00112EPSS
CVE
CVEadded 2020/04/15 2:15 p.m.339 views

CVE-2020-2803

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3CVSS8.2AI score0.03208EPSS
CVE
CVEadded 2020/12/09 5:15 p.m.339 views

CVE-2020-29660

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

4.4CVSS6.3AI score0.00105EPSS
CVE
CVEadded 2022/01/10 2:12 p.m.339 views

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.01329EPSS
CVE
CVEadded 2018/12/03 6:29 a.m.338 views

CVE-2018-19788

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

9CVSS6.4AI score0.41245EPSS
CVE
CVEadded 2020/04/15 7:15 p.m.338 views

CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements...

5.9CVSS7.5AI score0.00565EPSS
CVE
CVEadded 2021/05/11 8:15 p.m.338 views

CVE-2020-26147

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames a...

5.4CVSS6.3AI score0.00478EPSS
CVE
CVEadded 2020/11/16 9:15 p.m.338 views

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is ...

9.3CVSS8.2AI score0.93566EPSS
CVE
CVEadded 2020/12/03 5:15 p.m.338 views

CVE-2020-27783

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

6.1CVSS6.4AI score0.01026EPSS
CVE
CVEadded 2021/10/12 6:15 p.m.338 views

CVE-2021-3671

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.

6.5CVSS7.1AI score0.01131EPSS
CVE
CVEadded 2021/08/05 8:15 p.m.338 views

CVE-2021-3679

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service...

5.5CVSS6.1AI score0.01289EPSS
CVE
CVEadded 2016/02/08 3:59 a.m.337 views

CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

7.8CVSS6.5AI score0.55395EPSS
CVE
CVEadded 2019/10/07 12:15 a.m.337 views

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

9.8CVSS9.1AI score0.01357EPSS
CVE
CVEadded 2020/02/02 2:15 p.m.337 views

CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

6.5CVSS6.3AI score0.01495EPSS
CVE
CVEadded 2020/04/15 2:15 p.m.337 views

CVE-2020-2830

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl...

5.3CVSS5AI score0.0018EPSS
CVE
CVEadded 2020/01/09 10:15 p.m.337 views

CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

8.8CVSS8.6AI score0.19756EPSS
CVE
CVEadded 2021/03/19 4:15 a.m.337 views

CVE-2021-25290

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

7.5CVSS8.3AI score0.00185EPSS
CVE
CVEadded 2022/01/01 5:15 a.m.337 views

CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

7.5CVSS7.6AI score0.0008EPSS
CVE
CVEadded 2018/12/17 7:29 a.m.336 views

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

7.2CVSS6.7AI score0.00075EPSS
CVE
CVEadded 2020/05/04 3:15 p.m.336 views

CVE-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous v...

5.3CVSS6.1AI score0.00288EPSS
CVE
CVEadded 2022/02/09 11:15 p.m.336 views

CVE-2022-0530

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

5.5CVSS5.3AI score0.00123EPSS
CVE
CVEadded 2012/10/17 12:55 a.m.335 views

CVE-2012-3163

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

9CVSS4.2AI score0.00866EPSS
CVE
CVEadded 2019/09/27 7:15 p.m.335 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

8.8CVSS8.5AI score0.04889EPSS
CVE
CVEadded 2020/05/19 2:15 p.m.335 views

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.5CVSS7.5AI score0.14036EPSS
CVE
CVEadded 2021/02/26 11:15 p.m.335 views

CVE-2020-27618

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a deni...

5.5CVSS6.5AI score0.00644EPSS
CVE
CVEadded 2020/02/04 8:15 p.m.335 views

CVE-2020-8449

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

7.5CVSS7.4AI score0.09391EPSS
CVE
CVEadded 2021/02/26 3:15 a.m.335 views

CVE-2021-23961

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox

7.4CVSS6.8AI score0.00417EPSS
CVE
CVEadded 2021/03/11 10:15 p.m.334 views

CVE-2021-28153

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the syml...

5.3CVSS5.6AI score0.00444EPSS
CVE
CVEadded 2021/07/22 6:15 p.m.334 views

CVE-2021-36222

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

7.5CVSS7.4AI score0.05576EPSS
CVE
CVEadded 2022/02/09 11:15 p.m.334 views

CVE-2022-0529

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

5.5CVSS5.3AI score0.00236EPSS
Total number of security vulnerabilities9110