Lucene search

K
DebianDebian Linux6.0

253 matches found

CVE
CVE
added 2011/01/14 5:0 p.m.65 views

CVE-2011-0482

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

4.3CVSS9.2AI score0.0327EPSS
CVE
CVE
added 2011/01/20 7:0 p.m.65 views

CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary ...

6CVSS7.6AI score0.00573EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.65 views

CVE-2011-0983

Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.01845EPSS
CVE
CVE
added 2011/07/11 8:55 p.m.65 views

CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FT...

6.5CVSS4.6AI score0.00228EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.65 views

CVE-2011-2359

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8CVSS7AI score0.03596EPSS
CVE
CVE
added 2011/07/17 8:55 p.m.65 views

CVE-2011-2692

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ha...

8.8CVSS9.2AI score0.03564EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.64 views

CVE-2010-4040

Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

7.8CVSS8.6AI score0.00599EPSS
CVE
CVE
added 2010/12/07 9:0 p.m.64 views

CVE-2010-4492

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.

7.5CVSS9.2AI score0.01918EPSS
CVE
CVE
added 2012/06/02 3:55 p.m.64 views

CVE-2012-2947

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call o...

2.6CVSS6.3AI score0.04301EPSS
CVE
CVE
added 2012/11/11 1:0 p.m.64 views

CVE-2012-4564

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

6.8CVSS8.7AI score0.2646EPSS
CVE
CVE
added 2010/12/22 1:0 a.m.63 views

CVE-2010-4578

Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

7.5CVSS8.7AI score0.01771EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.63 views

CVE-2012-1798

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

6.5CVSS6.7AI score0.01412EPSS
CVE
CVE
added 2012/07/22 4:55 p.m.62 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform ot...

4.3CVSS5.7AI score0.01759EPSS
CVE
CVE
added 2012/07/24 7:55 p.m.62 views

CVE-2012-4048

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

3.3CVSS6.2AI score0.00209EPSS
CVE
CVE
added 2010/12/07 9:0 p.m.61 views

CVE-2010-4493

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

4.3CVSS8.3AI score0.01582EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.61 views

CVE-2011-2818

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.

6.8CVSS6.9AI score0.02962EPSS
CVE
CVE
added 2011/11/11 11:55 a.m.61 views

CVE-2011-3892

Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

7.5CVSS9.3AI score0.02107EPSS
CVE
CVE
added 2011/11/11 11:55 a.m.61 views

CVE-2011-3895

Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

7.5CVSS9.6AI score0.03439EPSS
CVE
CVE
added 2012/11/24 8:55 p.m.61 views

CVE-2012-2239

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

9.1CVSS9.2AI score0.00352EPSS
CVE
CVE
added 2012/09/05 11:55 p.m.61 views

CVE-2012-3527

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

4.6CVSS7.2AI score0.02065EPSS
CVE
CVE
added 2013/01/03 1:55 a.m.61 views

CVE-2012-5653

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.

6CVSS7AI score0.00829EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.60 views

CVE-2011-2800

Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.

4.3CVSS5.5AI score0.01071EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.59 views

CVE-2011-0984

Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.01759EPSS
CVE
CVE
added 2012/09/18 6:55 p.m.59 views

CVE-2012-1183

Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denia...

4.3CVSS6.8AI score0.00219EPSS
CVE
CVE
added 2010/11/06 12:0 a.m.58 views

CVE-2010-4199

Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

8.8CVSS9.2AI score0.0081EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.58 views

CVE-2013-2481

Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via ...

2.9CVSS6.3AI score0.01198EPSS
CVE
CVE
added 2018/01/08 7:29 p.m.58 views

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.

8.1CVSS8.1AI score0.01358EPSS
CVE
CVE
added 2012/01/08 11:55 a.m.57 views

CVE-2011-4360

MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.

5CVSS6.4AI score0.00587EPSS
CVE
CVE
added 2013/12/07 8:55 p.m.56 views

CVE-2013-6410

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

7.5CVSS6.2AI score0.0032EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.55 views

CVE-2011-0779

Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

5CVSS6.1AI score0.01479EPSS
CVE
CVE
added 2019/11/14 4:15 p.m.55 views

CVE-2012-1155

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

7.5CVSS7.4AI score0.01269EPSS
CVE
CVE
added 2012/07/25 10:42 a.m.55 views

CVE-2012-3954

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

3.3CVSS6.3AI score0.06481EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.54 views

CVE-2011-1292

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.01366EPSS
CVE
CVE
added 2011/09/23 10:55 a.m.54 views

CVE-2011-2766

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

7.5CVSS6.7AI score0.00261EPSS
CVE
CVE
added 2012/07/12 8:55 p.m.54 views

CVE-2012-2351

The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.

5CVSS6.8AI score0.00331EPSS
CVE
CVE
added 2013/09/16 7:14 p.m.54 views

CVE-2013-4234

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.

6.8CVSS7.8AI score0.03086EPSS
CVE
CVE
added 2019/11/15 5:15 p.m.53 views

CVE-2011-0703

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.

9.8CVSS9.4AI score0.00432EPSS
CVE
CVE
added 2011/05/03 10:55 p.m.53 views

CVE-2011-1444

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.00692EPSS
CVE
CVE
added 2019/12/17 6:15 p.m.53 views

CVE-2012-2237

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Dis...

6.1CVSS5.9AI score0.06623EPSS
CVE
CVE
added 2014/07/22 2:55 p.m.53 views

CVE-2014-4911

The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

5CVSS6.3AI score0.00535EPSS
CVE
CVE
added 2011/05/16 5:55 p.m.51 views

CVE-2011-1799

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7.1AI score0.00614EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.51 views

CVE-2013-2480

The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

3.3CVSS6.4AI score0.01423EPSS
CVE
CVE
added 2011/02/04 6:0 p.m.50 views

CVE-2011-0783

Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."

4.3CVSS6AI score0.01219EPSS
CVE
CVE
added 2019/11/07 6:15 p.m.50 views

CVE-2012-0049

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

4.3CVSS4.3AI score0.00622EPSS
CVE
CVE
added 2012/01/08 11:55 a.m.49 views

CVE-2011-4361

MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ...

5CVSS6.1AI score0.00231EPSS
CVE
CVE
added 2012/10/10 6:55 p.m.49 views

CVE-2012-4430

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

4CVSS5.7AI score0.00607EPSS
CVE
CVE
added 2012/11/19 12:55 a.m.49 views

CVE-2012-4533

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" l...

4.3CVSS5.2AI score0.01286EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.48 views

CVE-2011-0985

Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.

7.5CVSS6.3AI score0.00422EPSS
CVE
CVE
added 2019/11/06 5:15 p.m.48 views

CVE-2011-4900

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

6.5CVSS6.4AI score0.00338EPSS
CVE
CVE
added 2011/01/14 5:0 p.m.47 views

CVE-2011-0474

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a ...

10CVSS7.3AI score0.02875EPSS
Total number of security vulnerabilities253