Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
DebianDebian Linux11.0

1282 matches found

CVE
CVEadded 2022/07/06 7:15 p.m.115 views

CVE-2022-2318

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.

5.5CVSS6.8AI score0.00073EPSS
CVE
CVEadded 2022/06/27 10:15 p.m.115 views

CVE-2022-31090

Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI wit...

7.7CVSS7.4AI score0.04306EPSS
CVE
CVEadded 2023/11/15 6:15 p.m.115 views

CVE-2023-5997

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.008EPSS
CVE
CVEadded 2021/11/02 10:15 p.m.114 views

CVE-2021-37985

Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01094EPSS
CVE
CVEadded 2021/11/02 10:15 p.m.114 views

CVE-2021-37995

Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.4AI score0.00355EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.114 views

CVE-2021-38010

Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

6.5CVSS6.5AI score0.00357EPSS
CVE
CVEadded 2022/01/31 8:15 a.m.114 views

CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

9.1CVSS9.1AI score0.0006EPSS
CVE
CVEadded 2022/01/01 12:15 a.m.114 views

CVE-2021-45949

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

5.5CVSS5.7AI score0.00035EPSS
CVE
CVEadded 2022/04/05 1:15 p.m.114 views

CVE-2022-26357

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the hous...

7CVSS6.9AI score0.00012EPSS
CVE
CVEadded 2022/03/10 5:48 p.m.114 views

CVE-2022-26846

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.

8.8CVSS8.6AI score0.00834EPSS
CVE
CVEadded 2022/04/20 11:15 p.m.114 views

CVE-2022-29536

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

7.5CVSS7.4AI score0.00121EPSS
CVE
CVEadded 2023/04/19 4:15 a.m.114 views

CVE-2023-2135

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

7.5CVSS8.2AI score0.00402EPSS
CVE
CVEadded 2022/04/05 1:15 p.m.113 views

CVE-2022-26356

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log...

5.6CVSS6AI score0.00032EPSS
CVE
CVEadded 2022/04/05 1:15 p.m.113 views

CVE-2022-26358

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region ...

7.8CVSS7.5AI score0.0008EPSS
CVE
CVEadded 2022/05/26 4:15 p.m.113 views

CVE-2022-30785

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

7.2CVSS6.7AI score0.00011EPSS
CVE
CVEadded 2023/08/15 6:15 p.m.113 views

CVE-2023-4366

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8CVSS8.8AI score0.00143EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.112 views

CVE-2021-4052

Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS8.8AI score0.00102EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.112 views

CVE-2021-4054

Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.4AI score0.00345EPSS
CVE
CVEadded 2022/05/26 4:15 p.m.112 views

CVE-2022-30789

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

7.8CVSS7.5AI score0.00034EPSS
CVE
CVEadded 2022/10/17 1:15 p.m.112 views

CVE-2022-3550

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability ...

8.8CVSS7.2AI score0.00241EPSS
CVE
CVEadded 2023/02/21 4:15 p.m.112 views

CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.

6.5CVSS6.2AI score0.00302EPSS
CVE
CVEadded 2021/05/25 8:15 p.m.111 views

CVE-2020-20453

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service

6.5CVSS7.5AI score0.0028EPSS
CVE
CVEadded 2021/11/23 10:15 p.m.111 views

CVE-2021-37997

Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00989EPSS
CVE
CVEadded 2021/08/12 4:15 p.m.111 views

CVE-2021-38291

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

7.5CVSS8.3AI score0.00135EPSS
CVE
CVEadded 2022/01/25 2:15 p.m.111 views

CVE-2022-23033

arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't ha...

7.8CVSS7.3AI score0.00045EPSS
CVE
CVEadded 2022/08/27 12:15 p.m.110 views

CVE-2022-2787

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

4.3CVSS4.5AI score0.00066EPSS
CVE
CVEadded 2021/09/09 3:15 p.m.109 views

CVE-2020-19143

Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.

6.5CVSS6.2AI score0.00972EPSS
CVE
CVEadded 2021/05/25 7:15 p.m.109 views

CVE-2020-20450

FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.

7.5CVSS8.2AI score0.00471EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.109 views

CVE-2021-4055

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8CVSS8.7AI score0.00276EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.109 views

CVE-2021-4066

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.00948EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.109 views

CVE-2021-4068

Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00425EPSS
CVE
CVEadded 2022/12/09 6:15 p.m.109 views

CVE-2022-23484

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

9.8CVSS8.8AI score0.00158EPSS
CVE
CVEadded 2022/05/25 6:15 p.m.109 views

CVE-2022-29248

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to...

8.1CVSS7.8AI score0.00397EPSS
CVE
CVEadded 2022/11/09 6:15 a.m.109 views

CVE-2022-45060

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce inva...

7.5CVSS7.3AI score0.00329EPSS
CVE
CVEadded 2023/05/03 12:15 a.m.109 views

CVE-2023-2464

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS5AI score0.00126EPSS
CVE
CVEadded 2023/06/05 9:15 p.m.109 views

CVE-2023-3111

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().

7.8CVSS7.4AI score0.00014EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.108 views

CVE-2021-38016

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS8AI score0.00199EPSS
CVE
CVEadded 2022/04/05 1:15 p.m.108 views

CVE-2022-26359

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region ...

7.8CVSS7.5AI score0.0008EPSS
CVE
CVEadded 2022/05/18 11:15 a.m.108 views

CVE-2022-30974

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.

5.5CVSS6.2AI score0.01088EPSS
CVE
CVEadded 2023/08/15 6:15 p.m.108 views

CVE-2023-4353

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.01287EPSS
CVE
CVEadded 2021/11/23 10:15 p.m.107 views

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.

6.1CVSS6.4AI score0.0054EPSS
CVE
CVEadded 2021/11/22 8:15 p.m.107 views

CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote c...

9.8CVSS9.4AI score0.04682EPSS
CVE
CVEadded 2022/12/09 6:15 p.m.107 views

CVE-2022-23477

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

9.8CVSS9.4AI score0.00132EPSS
CVE
CVEadded 2023/04/19 4:15 a.m.107 views

CVE-2023-2134

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.7AI score0.00427EPSS
CVE
CVEadded 2023/12/11 12:15 p.m.107 views

CVE-2023-6185

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run...

8.8CVSS8.9AI score0.01318EPSS
CVE
CVEadded 2022/01/10 11:15 p.m.106 views

CVE-2021-36408

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.

5.5CVSS5.5AI score0.00093EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.106 views

CVE-2021-38006

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01208EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.106 views

CVE-2021-38008

Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01985EPSS
CVE
CVEadded 2021/12/23 1:15 a.m.106 views

CVE-2021-38014

Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.7AI score0.01208EPSS
CVE
CVEadded 2022/12/09 6:15 p.m.106 views

CVE-2022-23482

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).xrdp

9.1CVSS6.2AI score0.00128EPSS
Total number of security vulnerabilities1282