Lucene search

K

23 matches found

CVE
CVE
added 2024/02/20 2:15 p.m.4642 views

CVE-2024-1553

Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR...

8.1CVSS8.5AI score0.00552EPSS
CVE
CVE
added 2023/04/18 8:15 p.m.644 views

CVE-2023-21930

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vul...

7.4CVSS7.4AI score0.00134EPSS
CVE
CVE
added 2023/09/21 7:15 p.m.625 views

CVE-2023-41993

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

8.8CVSS8.8AI score0.08952EPSS
CVE
CVE
added 2023/05/25 11:15 p.m.605 views

CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shu...

7.5CVSS7.6AI score0.00323EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.490 views

CVE-2016-3714

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

10CVSS8AI score0.93863EPSS
CVE
CVE
added 2021/10/20 11:16 a.m.293 views

CVE-2021-35564

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated ...

5.3CVSS5AI score0.00081EPSS
CVE
CVE
added 2021/10/08 2:15 p.m.239 views

CVE-2021-41133

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into...

8.8CVSS7AI score0.00061EPSS
CVE
CVE
added 2023/04/11 9:15 p.m.195 views

CVE-2023-1989

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

7.1CVSS6.9AI score0.00016EPSS
CVE
CVE
added 2018/11/12 3:29 p.m.124 views

CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.5CVSS8.2AI score0.01186EPSS
CVE
CVE
added 2015/04/21 10:59 a.m.106 views

CVE-2015-2041

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

4.6CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2015/05/27 10:59 a.m.73 views

CVE-2015-3332

A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL w...

4.9CVSS6.3AI score0.00126EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.69 views

CVE-2013-6474

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

6.8CVSS7.7AI score0.06652EPSS
CVE
CVE
added 2014/02/05 7:55 p.m.67 views

CVE-2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

4.6CVSS6AI score0.00072EPSS
CVE
CVE
added 2007/12/18 12:46 a.m.65 views

CVE-2007-6418

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

2.1CVSS6.2AI score0.00057EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.62 views

CVE-2013-6475

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

6.8CVSS7.5AI score0.05196EPSS
CVE
CVE
added 2016/06/16 6:59 p.m.61 views

CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

8.8CVSS8.7AI score0.02512EPSS
CVE
CVE
added 2012/08/07 7:55 p.m.56 views

CVE-2012-2317

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty s...

4.3CVSS7.2AI score0.00974EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.55 views

CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

4.4CVSS6.2AI score0.00115EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.54 views

CVE-2011-1400

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute ...

6.8CVSS7.5AI score0.02148EPSS
CVE
CVE
added 2001/06/27 4:0 a.m.50 views

CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

7.5CVSS7.8AI score0.01437EPSS
CVE
CVE
added 2009/05/06 5:30 p.m.49 views

CVE-2009-1573

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

4.6CVSS6.5AI score0.00061EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.42 views

CVE-2001-0763

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

7.5CVSS7.9AI score0.25353EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.41 views

CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

3.6CVSS6.5AI score0.00261EPSS