Lucene search

K
DebianDebian Linux4.0

178 matches found

CVE
CVE
added 2009/11/09 5:30 p.m.1166 views

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple ...

5.8CVSS6AI score0.04134EPSS
CVE
CVE
added 2009/03/26 2:30 p.m.1005 views

CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

9.8CVSS7.5AI score0.9339EPSS
CVE
CVE
added 2009/07/10 3:30 p.m.872 views

CVE-2009-1891

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

7.1CVSS7.3AI score0.20931EPSS
CVE
CVE
added 2009/07/05 4:30 p.m.693 views

CVE-2009-1890

The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of servic...

7.1CVSS7.2AI score0.2152EPSS
CVE
CVE
added 2009/09/08 6:30 p.m.516 views

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

5CVSS9.4AI score0.03989EPSS
CVE
CVE
added 2008/05/13 5:20 p.m.446 views

CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

7.8CVSS6.3AI score0.05512EPSS
CVE
CVE
added 2009/06/08 1:0 a.m.333 views

CVE-2009-1955

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number ...

7.5CVSS6.9AI score0.03662EPSS
CVE
CVE
added 2009/09/15 10:30 p.m.288 views

CVE-2009-2629

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

7.5CVSS7.3AI score0.81297EPSS
CVE
CVE
added 2008/05/05 4:20 p.m.274 views

CVE-2008-2079

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory...

4.6CVSS7.4AI score0.00564EPSS
CVE
CVE
added 2009/04/17 2:30 p.m.203 views

CVE-2009-1185

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

7.2CVSS7.4AI score0.86494EPSS
CVE
CVE
added 2007/04/24 8:19 p.m.194 views

CVE-2007-2138

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "sear...

6CVSS8.5AI score0.01282EPSS
CVE
CVE
added 2009/08/06 3:30 p.m.183 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as ...

5CVSS6.1AI score0.00326EPSS
CVE
CVE
added 2009/08/14 3:16 p.m.177 views

CVE-2009-2692

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on ...

7.8CVSS7.6AI score0.18141EPSS
CVE
CVE
added 2009/09/08 6:30 p.m.162 views

CVE-2009-3094

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

2.6CVSS6.4AI score0.02833EPSS
CVE
CVE
added 2007/12/20 1:46 a.m.161 views

CVE-2007-6353

Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.

7.5CVSS7.4AI score0.0234EPSS
CVE
CVE
added 2009/12/30 9:30 p.m.124 views

CVE-2009-4484

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code ...

7.5CVSS7.7AI score0.72085EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.121 views

CVE-2008-2371

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

7.5CVSS9.2AI score0.03613EPSS
CVE
CVE
added 2008/05/29 4:32 p.m.119 views

CVE-2008-1105

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

7.5CVSS7.8AI score0.9044EPSS
CVE
CVE
added 2007/05/10 12:19 a.m.118 views

CVE-2007-2583

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

4CVSS5.8AI score0.03526EPSS
CVE
CVE
added 2010/02/16 7:30 p.m.114 views

CVE-2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decom...

9.3CVSS7.1AI score0.22964EPSS
CVE
CVE
added 2008/04/18 5:5 p.m.113 views

CVE-2008-1887

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.

9.3CVSS7.7AI score0.02322EPSS
CVE
CVE
added 2008/10/03 5:41 p.m.113 views

CVE-2008-4360

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a ....

7.5CVSS6.3AI score0.01139EPSS
CVE
CVE
added 2009/08/11 6:30 p.m.113 views

CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Cod...

6.5CVSS6.7AI score0.00296EPSS
CVE
CVE
added 2008/01/18 11:0 p.m.112 views

CVE-2007-6427

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

9.3CVSS9.8AI score0.04015EPSS
CVE
CVE
added 2008/09/12 4:56 p.m.111 views

CVE-2008-3529

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

10CVSS7.3AI score0.58863EPSS
CVE
CVE
added 2009/06/09 5:30 p.m.111 views

CVE-2009-0949

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED ta...

7.5CVSS7AI score0.15376EPSS
CVE
CVE
added 2010/02/16 7:30 p.m.111 views

CVE-2009-2949

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.

9.3CVSS6.9AI score0.50178EPSS
CVE
CVE
added 2010/02/16 7:30 p.m.111 views

CVE-2009-3302

filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."

9.3CVSS7AI score0.42759EPSS
CVE
CVE
added 2010/02/16 7:30 p.m.109 views

CVE-2009-3301

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.

9.3CVSS7AI score0.42759EPSS
CVE
CVE
added 2010/01/12 5:30 p.m.109 views

CVE-2009-4538

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.

10CVSS6.8AI score0.03723EPSS
CVE
CVE
added 2008/10/03 5:41 p.m.107 views

CVE-2008-4359

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

7.5CVSS6.3AI score0.00512EPSS
CVE
CVE
added 2009/07/16 3:30 p.m.106 views

CVE-2009-1895

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduc...

7.2CVSS5.5AI score0.0006EPSS
CVE
CVE
added 2007/05/16 1:19 a.m.104 views

CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

4.9CVSS6AI score0.01016EPSS
CVE
CVE
added 2007/05/09 12:19 a.m.102 views

CVE-2007-1864

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

7.5CVSS7.6AI score0.04837EPSS
CVE
CVE
added 2007/09/05 1:17 a.m.102 views

CVE-2007-4476

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

7.5CVSS7.5AI score0.11809EPSS
CVE
CVE
added 2007/12/04 12:46 a.m.100 views

CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information...

2.1CVSS5.2AI score0.00076EPSS
CVE
CVE
added 2008/05/16 12:54 p.m.100 views

CVE-2008-2136

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull ...

7.8CVSS5.9AI score0.14973EPSS
CVE
CVE
added 2009/11/20 5:30 p.m.100 views

CVE-2009-3080

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

7.2CVSS7AI score0.0007EPSS
CVE
CVE
added 2010/01/12 5:30 p.m.100 views

CVE-2009-4536

drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafte...

7.8CVSS7AI score0.10763EPSS
CVE
CVE
added 2008/03/27 11:44 p.m.96 views

CVE-2008-1531

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active S...

4.3CVSS6.1AI score0.03615EPSS
CVE
CVE
added 2009/03/25 1:30 a.m.95 views

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

4.9CVSS4.4AI score0.00801EPSS
CVE
CVE
added 2009/02/22 10:30 p.m.94 views

CVE-2009-0040

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uniniti...

6.8CVSS8.1AI score0.03942EPSS
CVE
CVE
added 2009/03/06 11:30 a.m.94 views

CVE-2009-0834

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted...

3.6CVSS4.6AI score0.00104EPSS
CVE
CVE
added 2008/05/07 9:20 p.m.92 views

CVE-2008-2108

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protect...

9.8CVSS9.4AI score0.04738EPSS
CVE
CVE
added 2008/06/10 12:32 a.m.91 views

CVE-2008-1673

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of ...

10CVSS6.8AI score0.18359EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.91 views

CVE-2008-5014

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.proto .proto object in a way that ca...

10CVSS9.9AI score0.1605EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.91 views

CVE-2008-5018

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.

10CVSS9.2AI score0.12478EPSS
CVE
CVE
added 2009/11/24 12:30 a.m.91 views

CVE-2009-4017

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusi...

5CVSS9AI score0.01304EPSS
CVE
CVE
added 2007/09/04 10:17 p.m.90 views

CVE-2007-4657

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:...

7.5CVSS7.5AI score0.06909EPSS
CVE
CVE
added 2009/08/05 7:30 p.m.90 views

CVE-2009-2687

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

4.3CVSS6.4AI score0.1227EPSS
Total number of security vulnerabilities178