Debian: Debian Linux 7.0

1248 matches found

added 2015/05/08 2:59 p.m. | 59 views

CVE-2015-3011

Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.

CVSS 3.5 | AI score 5.2 | EPSS 0.00209

added 2018/10/24 9:29 p.m. | 59 views

CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

CVSS 7.8 | AI score 7.7 | EPSS 0.00213

added 2016/04/12 3:59 p.m. | 59 views

CVE-2016-3166

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP he...

CVSS 5.9 | AI score 6.1 | EPSS 0.00497

added 2018/04/13 4:29 p.m. | 59 views

CVE-2017-0372

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

CVSS 9.8 | AI score 9.6 | EPSS 0.59378

added 2017/12/20 5:29 p.m. | 59 views

CVE-2017-17476

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

CVSS 8.8 | AI score 8.4 | EPSS 0.00891

added 2010/11/06 12:0 a.m. | 58 views

CVE-2010-4199

Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

CVSS 8.8 | AI score 9.2 | EPSS 0.0081

added 2013/05/25 3:18 a.m. | 58 views

CVE-2013-3558

The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

CVSS 5 | AI score 6.3 | EPSS 0.03264

added 2014/03/18 5:3 p.m. | 58 views

CVE-2014-1608

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

CVSS 7.5 | AI score 6.8 | EPSS 0.00605

added 2016/05/13 4:59 p.m. | 58 views

CVE-2014-9764

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.

CVSS 7.5 | AI score 7 | EPSS 0.01474

added 2018/03/08 6:29 p.m. | 58 views

CVE-2018-7875

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A crafted input will lead to a denial of service attack.

CVSS 6.5 | AI score 7.1 | EPSS 0.00571

added 2013/03/07 3:55 p.m. | 57 views

CVE-2013-2484

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

CVSS 3.3 | AI score 6.3 | EPSS 0.01423

added 2013/03/07 3:55 p.m. | 57 views

CVE-2013-2487

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) diss...

CVSS 7.8 | AI score 5.4 | EPSS 0.03557

added 2015/01/21 6:59 p.m. | 57 views

CVE-2013-6892

WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.

CVSS 3.5 | AI score 6 | EPSS 0.0017

added 2014/12/10 3:59 p.m. | 57 views

CVE-2014-8601

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.

CVSS 5 | AI score 6.4 | EPSS 0.00887

added 2014/11/24 3:59 p.m. | 57 views

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

CVSS 7.1 | AI score 6.2 | EPSS 0.0232

added 2015/12/03 8:59 p.m. | 57 views

CVE-2015-0859

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.

CVSS 7.5 | AI score 7.7 | EPSS 0.01323

added 2015/05/08 2:59 p.m. | 57 views

CVE-2015-3012

Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.

CVSS 4.3 | AI score 5.5 | EPSS 0.00455

added 2016/04/12 2:59 p.m. | 57 views

CVE-2015-8474

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter,...

CVSS 7.4 | AI score 7 | EPSS 0.01817

added 2017/07/29 5:29 a.m. | 57 views

CVE-2017-11733

A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVSS 5.5 | AI score 6.1 | EPSS 0.00318

added 2018/02/02 3:29 p.m. | 57 views

CVE-2017-18121

The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.

CVSS 6.1 | AI score 6.3 | EPSS 0.00355

added 2018/01/27 9:29 p.m. | 57 views

CVE-2018-6358

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.

CVSS 8.8 | AI score 8.2 | EPSS 0.00611

added 2012/09/05 11:55 p.m. | 56 views

CVE-2012-3509

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the le...

CVSS 5 | AI score 8.8 | EPSS 0.01748

added 2013/06/09 9:55 p.m. | 56 views

CVE-2013-4077

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.

CVSS 5 | AI score 6.2 | EPSS 0.01061

added 2013/12/07 8:55 p.m. | 56 views

CVE-2013-6410

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

CVSS 7.5 | AI score 6.2 | EPSS 0.0032

added 2014/04/09 10:56 a.m. | 56 views

CVE-2014-1716

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

CVSS 7.5 | AI score 4.7 | EPSS 0.01068

added 2014/11/06 3:55 p.m. | 56 views

CVE-2014-8483

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

CVSS 5 | AI score 6.2 | EPSS 0.02722

added 2015/03/09 2:59 p.m. | 56 views

CVE-2014-9472

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

CVSS 7.1 | AI score 8 | EPSS 0.00875

added 2015/02/28 2:59 a.m. | 56 views

CVE-2015-0885

checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

CVSS 5 | AI score 6.3 | EPSS 0.00887

added 2018/01/08 7:29 p.m. | 56 views

CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

CVSS 9.8 | AI score 8.5 | EPSS 0.05073

added 2016/06/07 2:6 p.m. | 56 views

CVE-2015-7695

The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.

CVSS 9.8 | AI score 9.6 | EPSS 0.01232

added 2018/04/13 4:29 p.m. | 56 views

CVE-2017-0362

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.

CVSS 8.8 | AI score 8.6 | EPSS 0.00149

added 2017/09/01 9:29 p.m. | 56 views

CVE-2017-12872

The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.

CVSS 5.9 | AI score 5.9 | EPSS 0.00404

added 2018/04/24 7:29 p.m. | 56 views

CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes...

CVSS 7.8 | AI score 7.8 | EPSS 0.00091

added 2018/01/25 10:29 p.m. | 56 views

CVE-2018-6315

The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.

CVSS 8.8 | AI score 8.3 | EPSS 0.00764

added 2011/02/04 6:0 p.m. | 55 views

CVE-2011-0779

Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

CVSS 5 | AI score 6.1 | EPSS 0.01479

added 2012/07/25 10:42 a.m. | 55 views

CVE-2012-3954

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

CVSS 3.3 | AI score 6.3 | EPSS 0.06481

added 2013/06/09 9:55 p.m. | 55 views

CVE-2013-4076

Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVSS 5 | AI score 6.5 | EPSS 0.01047

added 2015/01/09 6:59 p.m. | 55 views

CVE-2014-9272

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

CVSS 4.3 | AI score 5.2 | EPSS 0.00442

added 2015/03/31 2:59 p.m. | 55 views

CVE-2015-2684

Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.

CVSS 4 | AI score 6 | EPSS 0.00455

added 2015/06/22 7:59 p.m. | 55 views

CVE-2015-3232

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.

CVSS 5.8 | AI score 6.4 | EPSS 0.00443

added 2015/08/24 2:59 p.m. | 55 views

CVE-2015-6496

conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.

CVSS 5 | AI score 6.3 | EPSS 0.02789

added 2017/09/13 6:29 p.m. | 55 views

CVE-2017-2816

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.

CVSS 8.8 | AI score 8.6 | EPSS 0.00747

added 2018/02/02 1:29 a.m. | 55 views

CVE-2018-6521

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.

CVSS 9.8 | AI score 9.1 | EPSS 0.00617

added 2018/02/23 9:29 p.m. | 55 views

CVE-2018-7439

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.

CVSS 8.8 | AI score 8.5 | EPSS 0.00813

added 2011/03/25 7:55 p.m. | 54 views

CVE-2011-1292

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS 7.5 | AI score 7 | EPSS 0.01366

added 2011/09/23 10:55 a.m. | 54 views

CVE-2011-2766

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

CVSS 7.5 | AI score 6.7 | EPSS 0.00261

added 2013/03/07 3:55 p.m. | 54 views

CVE-2013-2478

The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1)...

CVSS 3.3 | AI score 6.7 | EPSS 0.01454

added 2013/05/25 3:18 a.m. | 54 views

CVE-2013-3562

Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

CVSS 5 | AI score 6.3 | EPSS 0.0344

added 2013/09/16 7:14 p.m. | 54 views

CVE-2013-4234

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.

CVSS 6.8 | AI score 7.8 | EPSS 0.03086

added 2013/10/28 10:55 p.m. | 54 views

CVE-2013-4394

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors invo...

CVSS 5.9 | AI score 6.3 | EPSS 0.00109

Total number of security vulnerabilities: 1248