Lucene search

K
DebianDebian Linux

9117 matches found

CVE
CVE
added 2021/02/22 2:15 a.m.142 views

CVE-2021-26120

Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.

9.8CVSS9.4AI score0.7884EPSS
CVE
CVE
added 2021/02/14 4:15 a.m.142 views

CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke ...

6.1CVSS5.8AI score0.02965EPSS
CVE
CVE
added 2021/12/30 10:15 p.m.142 views

CVE-2021-4184

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

7.5CVSS7.4AI score0.00037EPSS
CVE
CVE
added 2022/04/05 2:15 a.m.142 views

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

7.5CVSS7.2AI score0.8364EPSS
CVE
CVE
added 2022/02/16 9:15 p.m.142 views

CVE-2021-43303

Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied

9.8CVSS9.5AI score0.00412EPSS
CVE
CVE
added 2022/03/10 8:15 p.m.142 views

CVE-2022-23040

Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backe...

7CVSS7.3AI score0.00073EPSS
CVE
CVE
added 2022/03/06 6:15 a.m.142 views

CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO,...

9.8CVSS9.4AI score0.00333EPSS
CVE
CVE
added 2022/03/10 5:47 p.m.142 views

CVE-2022-26662

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6....

7.5CVSS7.2AI score0.04112EPSS
CVE
CVE
added 2022/04/27 2:15 p.m.142 views

CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

7.8CVSS7.7AI score0.00103EPSS
CVE
CVE
added 2022/09/01 6:15 p.m.142 views

CVE-2022-3061

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.

5.5CVSS6.2AI score0.00031EPSS
CVE
CVE
added 2022/10/21 11:15 a.m.142 views

CVE-2022-3635

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 i...

7CVSS6.4AI score0.00009EPSS
CVE
CVE
added 2023/04/10 10:15 p.m.142 views

CVE-2023-1668

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildca...

8.2CVSS7.7AI score0.00076EPSS
CVE
CVE
added 2023/05/03 12:15 a.m.142 views

CVE-2023-2460

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

7.1CVSS6.7AI score0.00023EPSS
CVE
CVE
added 2023/05/16 7:15 p.m.142 views

CVE-2023-2723

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.14058EPSS
CVE
CVE
added 2014/04/16 1:55 a.m.141 views

CVE-2014-0457

Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

10CVSS6.5AI score0.10872EPSS
CVE
CVE
added 2020/01/27 4:15 p.m.141 views

CVE-2014-8161

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

4.3CVSS6.2AI score0.00372EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.141 views

CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

6.9CVSS6.1AI score0.0147EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.141 views

CVE-2015-4792

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

1.7CVSS5.2AI score0.01015EPSS
CVE
CVE
added 2016/01/26 7:59 p.m.141 views

CVE-2015-7974

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

7.7CVSS7.6AI score0.03667EPSS
CVE
CVE
added 2016/02/25 1:59 a.m.141 views

CVE-2016-0706

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManag...

4.3CVSS6.3AI score0.0032EPSS
CVE
CVE
added 2016/05/17 2:8 p.m.141 views

CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

7.5CVSS7AI score0.00263EPSS
CVE
CVE
added 2017/04/11 4:59 p.m.141 views

CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

7.5CVSS7.2AI score0.0127EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.141 views

CVE-2017-5376

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

9.8CVSS9AI score0.02031EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.141 views

CVE-2017-5447

An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Fire...

9.1CVSS7.9AI score0.27954EPSS
CVE
CVE
added 2017/05/18 2:29 p.m.141 views

CVE-2017-9064

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

8.8CVSS8.6AI score0.01222EPSS
CVE
CVE
added 2017/06/21 7:29 a.m.141 views

CVE-2017-9766

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.

7.5CVSS7.1AI score0.00889EPSS
CVE
CVE
added 2018/04/16 9:58 a.m.141 views

CVE-2018-10101

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

6.1CVSS6.1AI score0.06979EPSS
CVE
CVE
added 2018/04/26 5:29 a.m.141 views

CVE-2018-10393

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

7.5CVSS7.9AI score0.00351EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.141 views

CVE-2018-12367

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability ...

4.3CVSS5.2AI score0.00737EPSS
CVE
CVE
added 2018/10/31 8:29 p.m.141 views

CVE-2018-14661

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

6.5CVSS6.9AI score0.03273EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.141 views

CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird

9.8CVSS9.2AI score0.01646EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.141 views

CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, a...

9.8CVSS9.3AI score0.22107EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.141 views

CVE-2018-5154

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR

9.8CVSS7AI score0.03792EPSS
CVE
CVE
added 2020/04/14 1:15 p.m.141 views

CVE-2020-11739

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-...

7.8CVSS8.2AI score0.00053EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.141 views

CVE-2020-16307

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.

5.5CVSS5.7AI score0.01336EPSS
CVE
CVE
added 2021/06/02 6:15 p.m.141 views

CVE-2020-22054

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.

6.5CVSS7.4AI score0.01553EPSS
CVE
CVE
added 2020/12/15 6:15 p.m.141 views

CVE-2020-29484

An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any commu...

6CVSS6.7AI score0.00064EPSS
CVE
CVE
added 2020/01/13 7:15 p.m.141 views

CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verif...

7.5CVSS7.3AI score0.00665EPSS
CVE
CVE
added 2021/04/26 5:15 p.m.141 views

CVE-2021-21214

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS9AI score0.01094EPSS
CVE
CVE
added 2021/05/11 5:15 p.m.141 views

CVE-2021-29509

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same proc...

7.5CVSS6.1AI score0.00363EPSS
CVE
CVE
added 2021/04/06 6:15 a.m.141 views

CVE-2021-30151

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.

6.1CVSS6AI score0.19112EPSS
CVE
CVE
added 2021/08/09 6:15 p.m.141 views

CVE-2021-34334

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of serv...

5.5CVSS5.8AI score0.00113EPSS
CVE
CVE
added 2021/10/08 10:15 p.m.141 views

CVE-2021-37970

Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.02501EPSS
CVE
CVE
added 2021/11/02 10:15 p.m.141 views

CVE-2021-37981

Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6CVSS9AI score0.01622EPSS
CVE
CVE
added 2021/12/08 10:15 p.m.141 views

CVE-2021-43534

Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

8.8CVSS9.4AI score0.01788EPSS
CVE
CVE
added 2022/06/02 2:15 p.m.141 views

CVE-2022-1419

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in vgem_gem_dumb_create ) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

7.8CVSS7.5AI score0.00016EPSS
CVE
CVE
added 2022/05/27 9:15 a.m.141 views

CVE-2022-1898

Use After Free in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.8AI score0.00187EPSS
CVE
CVE
added 2022/06/24 3:15 p.m.141 views

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XS...

6.1CVSS6AI score0.04955EPSS
CVE
CVE
added 2023/09/09 3:15 p.m.141 views

CVE-2023-4874

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2

6.5CVSS5.2AI score0.00111EPSS
CVE
CVE
added 2024/04/17 10:15 a.m.141 views

CVE-2024-26843

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of pages in asoft-reserved region.

6CVSS6.7AI score0.00006EPSS
Total number of security vulnerabilities9117