Lucene search

K
DebianDebian Linux3.1

109 matches found

CVE
CVE
added 2008/01/09 9:46 p.m.71 views

CVE-2007-6601

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fi...

7.2CVSS6.8AI score0.00584EPSS
CVE
CVE
added 2005/08/15 4:0 a.m.70 views

CVE-2005-2498

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should n...

7.5CVSS9.8AI score0.86898EPSS
CVE
CVE
added 2007/10/30 10:46 p.m.70 views

CVE-2007-1321

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was ...

7.2CVSS6.8AI score0.00145EPSS
CVE
CVE
added 2007/05/02 5:19 p.m.69 views

CVE-2007-1322

QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.

2.1CVSS5.7AI score0.00114EPSS
CVE
CVE
added 2005/05/19 4:0 a.m.68 views

CVE-2005-1260

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

5CVSS7.1AI score0.09796EPSS
CVE
CVE
added 2005/07/26 4:0 a.m.68 views

CVE-2005-1920

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

7.5CVSS7.3AI score0.02823EPSS
CVE
CVE
added 2005/10/12 1:4 p.m.68 views

CVE-2005-3181

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denia...

2.1CVSS5.1AI score0.00153EPSS
CVE
CVE
added 2006/03/15 7:6 p.m.67 views

CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) J...

7.6CVSS6.6AI score0.07223EPSS
CVE
CVE
added 2005/08/23 4:0 a.m.66 views

CVE-2005-2459

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE...

5CVSS5.9AI score0.12945EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.66 views

CVE-2005-2555

Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.

4.6CVSS5.3AI score0.00093EPSS
CVE
CVE
added 2006/05/30 7:2 p.m.66 views

CVE-2006-2661

ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.

5CVSS6.1AI score0.10345EPSS
CVE
CVE
added 2007/04/06 1:19 a.m.66 views

CVE-2007-0956

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

10CVSS9.6AI score0.9135EPSS
CVE
CVE
added 2007/10/30 10:46 p.m.66 views

CVE-2007-5729

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007...

7.2CVSS7.2AI score0.00145EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.65 views

CVE-2005-2456

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->s...

5.5CVSS6.8AI score0.00116EPSS
CVE
CVE
added 2005/09/26 7:3 p.m.65 views

CVE-2005-3055

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.

2.1CVSS4.9AI score0.0009EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.65 views

CVE-2006-1531

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ...

7.5CVSS7.4AI score0.30625EPSS
CVE
CVE
added 2007/02/16 7:28 p.m.65 views

CVE-2007-0897

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return ...

7.5CVSS7.3AI score0.05072EPSS
CVE
CVE
added 2007/06/11 10:30 p.m.64 views

CVE-2007-2875

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

2.1CVSS5.5AI score0.00094EPSS
CVE
CVE
added 2006/11/22 1:7 a.m.63 views

CVE-2006-5868

Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.

9.3CVSS6.2AI score0.01166EPSS
CVE
CVE
added 2007/05/02 5:19 p.m.63 views

CVE-2007-1366

QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

2.1CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2007/10/11 10:17 a.m.63 views

CVE-2007-5365

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum ...

7.2CVSS7.8AI score0.41631EPSS
CVE
CVE
added 2006/04/18 8:2 p.m.62 views

CVE-2006-1753

A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

3.6CVSS6AI score0.00064EPSS
CVE
CVE
added 2007/09/18 9:17 p.m.62 views

CVE-2007-2834

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of me...

9.3CVSS7.7AI score0.10713EPSS
CVE
CVE
added 2005/09/28 9:3 p.m.61 views

CVE-2005-2557

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

4.3CVSS5.4AI score0.08432EPSS
CVE
CVE
added 2006/08/21 9:4 p.m.61 views

CVE-2006-4093

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."

4.9CVSS7AI score0.00062EPSS
CVE
CVE
added 2005/07/18 4:0 a.m.60 views

CVE-2005-1689

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

9.8CVSS9.7AI score0.55203EPSS
CVE
CVE
added 2005/10/21 1:2 a.m.60 views

CVE-2005-3274

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock i...

4.7CVSS5.5AI score0.00126EPSS
CVE
CVE
added 2005/12/12 9:3 p.m.60 views

CVE-2005-4178

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

6.5CVSS7.3AI score0.01719EPSS
CVE
CVE
added 2008/03/19 10:44 a.m.60 views

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5CVSS8.6AI score0.04745EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.59 views

CVE-2006-6500

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an i...

6.8CVSS7.7AI score0.36685EPSS
CVE
CVE
added 2007/01/19 2:28 a.m.59 views

CVE-2006-6942

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_o...

6.8CVSS5.6AI score0.01846EPSS
CVE
CVE
added 2007/02/26 8:28 p.m.58 views

CVE-2007-0778

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when ...

5.4CVSS5.7AI score0.01036EPSS
CVE
CVE
added 2007/11/30 1:46 a.m.58 views

CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

6.5CVSS7.6AI score0.00369EPSS
CVE
CVE
added 2005/07/06 4:0 a.m.57 views

CVE-2005-1916

linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

5.5CVSS5.5AI score0.00042EPSS
CVE
CVE
added 2005/09/30 10:5 a.m.57 views

CVE-2005-3106

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.

4.7CVSS4.8AI score0.00078EPSS
CVE
CVE
added 2005/10/27 10:2 a.m.57 views

CVE-2005-3323

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.

7.5CVSS6.4AI score0.02297EPSS
CVE
CVE
added 2006/02/18 9:2 p.m.57 views

CVE-2006-0042

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

5CVSS6.2AI score0.07081EPSS
CVE
CVE
added 2006/08/31 9:4 p.m.57 views

CVE-2006-4482

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

9.3CVSS6.7AI score0.03727EPSS
CVE
CVE
added 2007/05/14 9:19 p.m.57 views

CVE-2007-2650

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

4.3CVSS6.1AI score0.0398EPSS
CVE
CVE
added 2008/01/12 2:46 a.m.56 views

CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

5CVSS5.9AI score0.05559EPSS
CVE
CVE
added 2005/10/24 10:2 a.m.55 views

CVE-2005-3302

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

7.5CVSS7.3AI score0.04914EPSS
CVE
CVE
added 2006/12/12 12:28 a.m.53 views

CVE-2006-5873

Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.

7.8CVSS6.6AI score0.01455EPSS
CVE
CVE
added 2007/10/30 10:46 p.m.53 views

CVE-2007-5730

Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "N...

7.2CVSS7.2AI score0.00139EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.52 views

CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

4.7CVSS4.4AI score0.00075EPSS
CVE
CVE
added 2005/11/27 12:3 a.m.52 views

CVE-2005-3847

The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.

5.5CVSS5.1AI score0.00067EPSS
CVE
CVE
added 2005/08/30 11:45 a.m.51 views

CVE-2005-1855

Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.

2.1CVSS5.8AI score0.00059EPSS
CVE
CVE
added 2006/04/25 12:50 p.m.50 views

CVE-2006-2016

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope p...

2.6CVSS5.5AI score0.25074EPSS
CVE
CVE
added 2007/04/10 6:19 p.m.50 views

CVE-2006-4250

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

4.6CVSS7.1AI score0.00315EPSS
CVE
CVE
added 2008/01/04 2:46 a.m.50 views

CVE-2007-6599

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operat...

4.3CVSS6.3AI score0.01346EPSS
CVE
CVE
added 2005/10/05 7:2 p.m.48 views

CVE-2005-2960

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

2.1CVSS6AI score0.00074EPSS
Total number of security vulnerabilities109