Lucene search

K
DebianDebian Linux7.0

1248 matches found

CVE
CVE
added 2013/06/05 12:55 a.m.69 views

CVE-2013-2862

Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.00622EPSS
CVE
CVE
added 2013/07/31 1:20 p.m.69 views

CVE-2013-2884

Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object.

7.5CVSS7AI score0.00887EPSS
CVE
CVE
added 2013/08/19 11:55 p.m.69 views

CVE-2013-4852

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the S...

6.8CVSS7.7AI score0.01751EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.69 views

CVE-2014-9763

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.

7.5CVSS7AI score0.0352EPSS
CVE
CVE
added 2016/04/13 5:59 p.m.69 views

CVE-2015-3146

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.

7.5CVSS7AI score0.02405EPSS
CVE
CVE
added 2016/01/12 8:59 p.m.69 views

CVE-2016-1232

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.

7.5CVSS7AI score0.00708EPSS
CVE
CVE
added 2016/02/19 4:59 p.m.69 views

CVE-2016-2270

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

6.8CVSS6.8AI score0.00284EPSS
CVE
CVE
added 2018/03/01 11:29 p.m.69 views

CVE-2017-6929

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal cor...

6.1CVSS5.9AI score0.00738EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.69 views

CVE-2018-7437

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.

8.8CVSS8.5AI score0.00701EPSS
CVE
CVE
added 2013/06/15 7:55 p.m.68 views

CVE-2013-2064

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

6.8CVSS9.2AI score0.01017EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.68 views

CVE-2013-3561

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.

7.8CVSS6.2AI score0.01522EPSS
CVE
CVE
added 2014/01/16 12:17 p.m.68 views

CVE-2013-6645

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or p...

6.8CVSS7AI score0.01406EPSS
CVE
CVE
added 2014/04/23 3:55 p.m.68 views

CVE-2014-2709

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

7.5CVSS8.9AI score0.01868EPSS
CVE
CVE
added 2014/05/16 3:55 p.m.68 views

CVE-2014-3730

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\djangoproject.com."

4.3CVSS6.3AI score0.00988EPSS
CVE
CVE
added 2014/11/25 11:59 p.m.68 views

CVE-2014-9035

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00586EPSS
CVE
CVE
added 2014/11/25 11:59 p.m.68 views

CVE-2014-9036

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.

4.3CVSS5.4AI score0.00586EPSS
CVE
CVE
added 2015/03/31 2:59 p.m.68 views

CVE-2014-9706

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

7.5CVSS7.4AI score0.02765EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.68 views

CVE-2015-3334

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive v...

4.3CVSS5.4AI score0.00637EPSS
CVE
CVE
added 2018/01/29 8:29 p.m.68 views

CVE-2016-10711

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

9.8CVSS9.1AI score0.0177EPSS
CVE
CVE
added 2018/02/03 3:29 p.m.68 views

CVE-2017-18123

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

9.3CVSS8.3AI score0.00354EPSS
CVE
CVE
added 2018/03/15 7:29 p.m.68 views

CVE-2017-18238

An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.

5.5CVSS5.8AI score0.00519EPSS
CVE
CVE
added 2012/07/25 10:42 a.m.67 views

CVE-2012-3571

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

6.1CVSS6.3AI score0.22137EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.67 views

CVE-2012-4201

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allo...

4.3CVSS7.9AI score0.02609EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.67 views

CVE-2013-2867

Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.

7.5CVSS6.2AI score0.00656EPSS
CVE
CVE
added 2014/03/27 4:55 p.m.67 views

CVE-2014-2326

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.4AI score0.01268EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.67 views

CVE-2014-3168

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

7.5CVSS7AI score0.01558EPSS
CVE
CVE
added 2014/11/25 11:59 p.m.67 views

CVE-2014-9037

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

6.8CVSS6.5AI score0.02617EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.67 views

CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact v...

6.8CVSS7.9AI score0.01778EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.67 views

CVE-2014-9672

Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.

5.8CVSS7.1AI score0.01931EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.67 views

CVE-2015-1248

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.

4.3CVSS9AI score0.00553EPSS
CVE
CVE
added 2015/04/14 6:59 p.m.67 views

CVE-2015-2788

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns.

10CVSS7AI score0.07802EPSS
CVE
CVE
added 2015/06/22 7:59 p.m.67 views

CVE-2015-3234

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.

4.3CVSS6.4AI score0.00498EPSS
CVE
CVE
added 2016/06/07 2:6 p.m.67 views

CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

7.1CVSS7.4AI score0.00092EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.67 views

CVE-2016-2191

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

6.5CVSS6.2AI score0.02263EPSS
CVE
CVE
added 2017/11/17 5:29 a.m.67 views

CVE-2017-1000229

Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

7.8CVSS7.5AI score0.00473EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.67 views

CVE-2018-7872

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

6.5CVSS7AI score0.00664EPSS
CVE
CVE
added 2010/07/28 8:0 p.m.66 views

CVE-2010-2901

The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

10CVSS9.1AI score0.01549EPSS
CVE
CVE
added 2011/12/08 11:55 a.m.66 views

CVE-2011-4539

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

5CVSS6.2AI score0.34285EPSS
CVE
CVE
added 2015/01/08 1:59 a.m.66 views

CVE-2012-6684

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.

4.3CVSS7.5AI score0.00226EPSS
CVE
CVE
added 2013/06/05 12:55 a.m.66 views

CVE-2013-2863

Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS7.6AI score0.03175EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.66 views

CVE-2013-2905

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.

5CVSS5.3AI score0.00135EPSS
CVE
CVE
added 2013/10/02 10:35 a.m.66 views

CVE-2013-2919

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.02329EPSS
CVE
CVE
added 2013/06/09 9:55 p.m.66 views

CVE-2013-4078

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5CVSS6.3AI score0.01429EPSS
CVE
CVE
added 2019/12/31 7:15 p.m.66 views

CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

7.5CVSS7.2AI score0.01161EPSS
CVE
CVE
added 2019/11/04 1:15 p.m.66 views

CVE-2013-4412

slim has NULL pointer dereference when using crypt() method from glibc 2.17

7.5CVSS7.5AI score0.00938EPSS
CVE
CVE
added 2013/11/13 3:55 p.m.66 views

CVE-2013-6621

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.

7.5CVSS6.9AI score0.01481EPSS
CVE
CVE
added 2014/11/25 11:59 p.m.66 views

CVE-2014-9039

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

4.3CVSS6.4AI score0.01681EPSS
CVE
CVE
added 2014/12/01 3:59 p.m.66 views

CVE-2014-9087

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

7.5CVSS6.5AI score0.05055EPSS
CVE
CVE
added 2015/03/31 2:59 p.m.66 views

CVE-2015-2754

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."

6.8CVSS7.6AI score0.02149EPSS
CVE
CVE
added 2016/12/29 10:59 p.m.66 views

CVE-2016-1922

QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user o...

5.5CVSS6.7AI score0.00062EPSS
Total number of security vulnerabilities1248