Lucene search

K
DebianDebian Linux6.0

253 matches found

CVE
CVE
added 2014/01/07 6:55 p.m.80 views

CVE-2013-4969

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

2.1CVSS6.1AI score0.00045EPSS
CVE
CVE
added 2011/07/17 8:55 p.m.79 views

CVE-2011-2501

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of erro...

6.5CVSS7AI score0.02457EPSS
CVE
CVE
added 2011/12/13 9:55 p.m.78 views

CVE-2011-3905

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS7.1AI score0.01327EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.78 views

CVE-2012-4182

Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of serv...

9.3CVSS9.4AI score0.04752EPSS
CVE
CVE
added 2015/12/16 9:59 p.m.78 views

CVE-2015-8476

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulne...

5CVSS9.6AI score0.00948EPSS
CVE
CVE
added 2010/12/22 1:0 a.m.77 views

CVE-2010-4577

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers ...

7.5CVSS7.5AI score0.04266EPSS
CVE
CVE
added 2011/07/29 8:55 p.m.77 views

CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user f...

2.6CVSS4.7AI score0.03385EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.77 views

CVE-2012-4188

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3CVSS9.6AI score0.55611EPSS
CVE
CVE
added 2014/01/18 7:55 p.m.77 views

CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5CVSS6.9AI score0.05566EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.76 views

CVE-2012-4216

Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service ...

9.3CVSS9AI score0.0639EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.76 views

CVE-2014-1557

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolon...

9.3CVSS9.6AI score0.01507EPSS
CVE
CVE
added 2014/04/23 3:55 p.m.76 views

CVE-2014-2983

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

5CVSS5.8AI score0.00434EPSS
CVE
CVE
added 2011/08/15 9:55 p.m.75 views

CVE-2011-2748

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.

7.8CVSS6.2AI score0.87881EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.75 views

CVE-2012-4207

The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote ...

4.3CVSS7.8AI score0.01708EPSS
CVE
CVE
added 2014/10/16 12:55 a.m.75 views

CVE-2014-3686

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

6.8CVSS6AI score0.04511EPSS
CVE
CVE
added 2010/03/03 7:30 p.m.74 views

CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of ser...

4.3CVSS8.8AI score0.08131EPSS
CVE
CVE
added 2011/07/17 8:55 p.m.74 views

CVE-2011-2691

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) v...

6.5CVSS6.8AI score0.03384EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.74 views

CVE-2012-3986

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions v...

4.3CVSS9AI score0.01538EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.74 views

CVE-2012-5842

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application ...

9.3CVSS9.4AI score0.0178EPSS
CVE
CVE
added 2013/02/13 1:55 a.m.74 views

CVE-2012-6075

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

9.3CVSS7.8AI score0.0597EPSS
CVE
CVE
added 2012/02/01 4:55 p.m.73 views

CVE-2012-0449

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedde...

9.3CVSS9.9AI score0.10935EPSS
CVE
CVE
added 2012/05/17 11:0 a.m.73 views

CVE-2012-0879

The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

5.5CVSS5AI score0.00016EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.73 views

CVE-2012-1186

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

5.5CVSS6.7AI score0.00286EPSS
CVE
CVE
added 2012/09/14 10:33 a.m.73 views

CVE-2012-3955

ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.

7.1CVSS6.2AI score0.20025EPSS
CVE
CVE
added 2013/02/23 9:55 p.m.73 views

CVE-2013-0900

Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.01608EPSS
CVE
CVE
added 2013/09/10 7:55 p.m.73 views

CVE-2013-4243

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.

6.8CVSS9.1AI score0.18626EPSS
CVE
CVE
added 2011/08/15 9:55 p.m.72 views

CVE-2011-2749

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.

7.8CVSS6.2AI score0.83085EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.72 views

CVE-2012-0248

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

5.5CVSS6.2AI score0.00286EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.72 views

CVE-2012-3982

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application cr...

9.3CVSS9.8AI score0.01275EPSS
CVE
CVE
added 2013/04/25 11:55 p.m.72 views

CVE-2013-1915

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.

7.5CVSS6.7AI score0.04848EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.71 views

CVE-2011-0981

Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.8AI score0.02239EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.71 views

CVE-2011-1293

Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS8.6AI score0.01451EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.71 views

CVE-2012-1185

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. N...

7.8CVSS8.5AI score0.04205EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.70 views

CVE-2012-4179

Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denia...

9.3CVSS9.4AI score0.05468EPSS
CVE
CVE
added 2013/09/10 7:55 p.m.70 views

CVE-2013-4232

Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

6.8CVSS8.9AI score0.0167EPSS
CVE
CVE
added 2014/01/18 7:55 p.m.70 views

CVE-2013-6425

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5CVSS6AI score0.02998EPSS
CVE
CVE
added 2012/01/07 11:55 a.m.69 views

CVE-2011-3919

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS8.5AI score0.0248EPSS
CVE
CVE
added 2012/06/17 3:41 a.m.69 views

CVE-2012-0037

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF documen...

6.5CVSS6.2AI score0.00534EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.69 views

CVE-2012-0260

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

6.5CVSS6.7AI score0.01936EPSS
CVE
CVE
added 2013/08/19 1:7 p.m.69 views

CVE-2013-2175

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to t...

5CVSS6.5AI score0.00076EPSS
CVE
CVE
added 2013/08/19 11:55 p.m.69 views

CVE-2013-4852

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the S...

6.8CVSS7.7AI score0.01751EPSS
CVE
CVE
added 2012/09/07 10:55 p.m.68 views

CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to impr...

4.3CVSS6.3AI score0.10313EPSS
CVE
CVE
added 2013/06/15 7:55 p.m.68 views

CVE-2013-2064

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

6.8CVSS9.2AI score0.01017EPSS
CVE
CVE
added 2013/12/09 4:36 p.m.68 views

CVE-2013-7020

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

6.8CVSS7.3AI score0.01472EPSS
CVE
CVE
added 2012/07/25 10:42 a.m.67 views

CVE-2012-3571

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

6.1CVSS6.3AI score0.22137EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.67 views

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allo...

4.3CVSS7.9AI score0.02609EPSS
CVE
CVE
added 2010/07/28 8:0 p.m.66 views

CVE-2010-2901

The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.1AI score0.01549EPSS
CVE
CVE
added 2011/12/08 11:55 a.m.66 views

CVE-2011-4539

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

5CVSS6.2AI score0.34285EPSS
CVE
CVE
added 2019/12/31 7:15 p.m.66 views

CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

7.5CVSS7.2AI score0.01161EPSS
CVE
CVE
added 2019/11/04 1:15 p.m.66 views

CVE-2013-4412

slim has NULL pointer dereference when using crypt() method from glibc 2.17

7.5CVSS7.5AI score0.00938EPSS
Total number of security vulnerabilities253