Lucene search

K
DebianDebian Linux7.0

1248 matches found

CVE
CVE
added 2016/04/12 3:59 p.m.66 views

CVE-2016-3164

Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.

7.4CVSS7.4AI score0.00659EPSS
CVE
CVE
added 2018/02/23 9:29 p.m.66 views

CVE-2018-7435

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.

8.8CVSS8.5AI score0.00813EPSS
CVE
CVE
added 2018/03/06 6:29 p.m.66 views

CVE-2018-7728

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.

5.5CVSS5.5AI score0.00303EPSS
CVE
CVE
added 2011/01/14 5:0 p.m.65 views

CVE-2011-0482

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

4.3CVSS9.2AI score0.0327EPSS
CVE
CVE
added 2011/02/10 7:0 p.m.65 views

CVE-2011-0983

Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.01845EPSS
CVE
CVE
added 2011/08/03 12:55 a.m.65 views

CVE-2011-2359

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8CVSS7AI score0.03596EPSS
CVE
CVE
added 2013/03/07 3:55 p.m.65 views

CVE-2013-2486

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer...

6.1CVSS5.4AI score0.01648EPSS
CVE
CVE
added 2013/06/05 12:55 a.m.65 views

CVE-2013-2860

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.

7.5CVSS7AI score0.0061EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.65 views

CVE-2013-2870

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.

9.3CVSS7.2AI score0.01324EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.65 views

CVE-2013-2900

The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted direc...

7.5CVSS6AI score0.0274EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.65 views

CVE-2013-2904

Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element s...

7.5CVSS7AI score0.01018EPSS
CVE
CVE
added 2013/05/25 3:18 a.m.65 views

CVE-2013-3560

The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.3AI score0.0345EPSS
CVE
CVE
added 2014/01/16 12:17 p.m.65 views

CVE-2013-6646

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a w...

7.5CVSS7AI score0.01763EPSS
CVE
CVE
added 2014/01/28 2:30 p.m.65 views

CVE-2013-6650

The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handli...

7.5CVSS6.9AI score0.02383EPSS
CVE
CVE
added 2014/07/20 11:12 a.m.65 views

CVE-2014-3162

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

5CVSS6.8AI score0.00436EPSS
CVE
CVE
added 2015/04/01 2:59 p.m.65 views

CVE-2014-9713

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

4CVSS6AI score0.00142EPSS
CVE
CVE
added 2015/02/19 3:59 p.m.65 views

CVE-2015-1592

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

7.5CVSS7.5AI score0.81049EPSS
CVE
CVE
added 2015/03/31 2:59 p.m.65 views

CVE-2015-2753

FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.

6.8CVSS7.8AI score0.01918EPSS
CVE
CVE
added 2015/08/05 10:59 a.m.65 views

CVE-2015-3439

Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demons...

4.3CVSS5.7AI score0.03106EPSS
CVE
CVE
added 2015/09/28 8:59 p.m.65 views

CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

6.8CVSS6.9AI score0.2154EPSS
CVE
CVE
added 2016/02/12 5:59 a.m.65 views

CVE-2016-2326

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.

8.8CVSS8.8AI score0.01072EPSS
CVE
CVE
added 2016/04/12 3:59 p.m.65 views

CVE-2016-3170

The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

5.3CVSS5.2AI score0.00498EPSS
CVE
CVE
added 2017/09/01 1:29 p.m.65 views

CVE-2017-12869

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.

7.5CVSS7.8AI score0.00418EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.64 views

CVE-2010-4040

Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

7.8CVSS8.6AI score0.00599EPSS
CVE
CVE
added 2010/12/07 9:0 p.m.64 views

CVE-2010-4492

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.

7.5CVSS9.2AI score0.01918EPSS
CVE
CVE
added 2012/11/11 1:0 p.m.64 views

CVE-2012-4564

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

6.8CVSS8.7AI score0.2646EPSS
CVE
CVE
added 2013/08/21 12:17 p.m.64 views

CVE-2013-2902

Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML...

7.5CVSS6.9AI score0.00887EPSS
CVE
CVE
added 2014/08/13 4:57 a.m.64 views

CVE-2014-3165

Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger ...

7.5CVSS7AI score0.01215EPSS
CVE
CVE
added 2014/12/03 9:59 p.m.64 views

CVE-2014-9157

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

7.5CVSS7.6AI score0.01899EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.64 views

CVE-2015-1246

Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.0303EPSS
CVE
CVE
added 2015/11/02 7:59 p.m.64 views

CVE-2015-8036

Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly han...

6.8CVSS8AI score0.01704EPSS
CVE
CVE
added 2016/04/07 11:59 p.m.64 views

CVE-2016-2851

Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

9.8CVSS9.7AI score0.23058EPSS
CVE
CVE
added 2016/04/12 3:59 p.m.64 views

CVE-2016-3162

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.

8.1CVSS7.5AI score0.00294EPSS
CVE
CVE
added 2010/12/22 1:0 a.m.63 views

CVE-2010-4578

Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

7.5CVSS8.7AI score0.01771EPSS
CVE
CVE
added 2013/07/10 10:55 a.m.63 views

CVE-2013-2869

Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image.

4.3CVSS6AI score0.00686EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.63 views

CVE-2014-3169

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification ...

7.5CVSS7.1AI score0.03248EPSS
CVE
CVE
added 2014/12/03 6:59 p.m.63 views

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.8CVSS5.9AI score0.01465EPSS
CVE
CVE
added 2014/11/19 6:59 p.m.63 views

CVE-2014-8594

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Pagi...

5.4CVSS5.3AI score0.01876EPSS
CVE
CVE
added 2016/06/07 2:6 p.m.63 views

CVE-2014-9746

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote att...

9.8CVSS9.5AI score0.01853EPSS
CVE
CVE
added 2015/03/12 2:59 p.m.63 views

CVE-2015-2045

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

2.1CVSS4.6AI score0.00076EPSS
CVE
CVE
added 2016/04/12 3:59 p.m.63 views

CVE-2016-3163

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.

7.5CVSS7.3AI score0.00855EPSS
CVE
CVE
added 2016/04/12 3:59 p.m.63 views

CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

8.1CVSS8.1AI score0.01016EPSS
CVE
CVE
added 2017/02/17 2:59 a.m.63 views

CVE-2016-9955

The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.

6.3CVSS6.4AI score0.0041EPSS
CVE
CVE
added 2018/04/13 3:29 p.m.63 views

CVE-2017-0356

A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.

9.8CVSS7.2AI score0.10038EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.63 views

CVE-2017-0364

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.

6.1CVSS6.3AI score0.00184EPSS
CVE
CVE
added 2018/03/15 7:29 p.m.63 views

CVE-2017-18236

An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.

5.5CVSS5.7AI score0.00173EPSS
CVE
CVE
added 2012/07/22 4:55 p.m.62 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform ot...

4.3CVSS5.7AI score0.01759EPSS
CVE
CVE
added 2013/06/05 12:55 a.m.62 views

CVE-2013-2858

Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS7AI score0.0061EPSS
CVE
CVE
added 2014/01/16 12:17 p.m.62 views

CVE-2013-6644

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.9AI score0.01698EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.62 views

CVE-2014-9656

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

7.5CVSS7.8AI score0.01793EPSS
Total number of security vulnerabilities1248