Lucene search

K
DebianDebian Linux

136 matches found

CVE
CVE
added 2022/03/13 12:15 a.m.8456 views

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication ...

3.7CVSS4.2AI score0.00283EPSS
CVE
CVE
added 2024/03/27 7:15 p.m.3525 views

CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible ...

3.3CVSS6.2AI score0.1201EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.2804 views

CVE-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22....

3.7CVSS4.4AI score0.00133EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.2728 views

CVE-2023-22044

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for J...

3.7CVSS3.9AI score0.00156EPSS
CVE
CVE
added 2023/09/15 7:15 p.m.903 views

CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the ...

3.5CVSS5.9AI score0.00862EPSS
CVE
CVE
added 2023/06/13 5:15 p.m.835 views

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

3.9CVSS5.1AI score0.00514EPSS
CVE
CVE
added 2022/09/23 2:15 p.m.526 views

CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

3.7CVSS4.7AI score0.00066EPSS
CVE
CVE
added 2021/05/11 8:15 p.m.521 views

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802...

3.5CVSS6.4AI score0.00848EPSS
CVE
CVE
added 2019/05/10 10:29 p.m.463 views

CVE-2019-11884

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

3.3CVSS5.6AI score0.0006EPSS
CVE
CVE
added 2023/04/18 8:15 p.m.436 views

CVE-2023-21937

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to explo...

3.7CVSS4.7AI score0.00095EPSS
CVE
CVE
added 2019/10/01 2:15 p.m.408 views

CVE-2019-17055

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

3.3CVSS6.5AI score0.00079EPSS
CVE
CVE
added 2023/04/18 8:15 p.m.405 views

CVE-2023-21968

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS4.7AI score0.00086EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.404 views

CVE-2023-22049

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 2...

3.7CVSS4.7AI score0.0009EPSS
CVE
CVE
added 2023/04/18 8:15 p.m.398 views

CVE-2023-21938

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

3.7CVSS4.7AI score0.00095EPSS
CVE
CVE
added 2021/06/15 9:15 p.m.379 views

CVE-2021-3593

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or i...

3.8CVSS5AI score0.00018EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.371 views

CVE-2019-2422

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co...

3.1CVSS2.4AI score0.00128EPSS
CVE
CVE
added 2024/04/16 10:15 p.m.369 views

CVE-2024-21011

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...

3.7CVSS3.2AI score0.0025EPSS
CVE
CVE
added 2023/06/06 8:15 p.m.368 views

CVE-2023-2602

A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

3.3CVSS5.5AI score0.00017EPSS
CVE
CVE
added 2021/06/11 4:15 p.m.365 views

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uni...

3.1CVSS5.3AI score0.00113EPSS
CVE
CVE
added 2021/05/11 8:15 p.m.358 views

CVE-2020-24586

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted u...

3.5CVSS6.2AI score0.00746EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.355 views

CVE-2020-14798

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS3.4AI score0.00247EPSS
CVE
CVE
added 2020/11/28 7:15 a.m.354 views

CVE-2020-29374

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-1...

3.6CVSS4.9AI score0.00018EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.346 views

CVE-2021-3655

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

3.3CVSS5.4AI score0.00041EPSS
CVE
CVE
added 2019/11/19 10:15 p.m.342 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR...

3.3CVSS4.8AI score0.00016EPSS
CVE
CVE
added 2021/10/20 11:16 a.m.328 views

CVE-2021-35588

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker wi...

3.1CVSS4.2AI score0.00087EPSS
CVE
CVE
added 2019/07/04 1:15 p.m.327 views

CVE-2019-13232

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

3.3CVSS3.8AI score0.00085EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.327 views

CVE-2023-22006

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle Graa...

3.1CVSS4.2AI score0.00123EPSS
CVE
CVE
added 2020/08/11 4:15 p.m.325 views

CVE-2020-16092

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_r...

3.8CVSS5AI score0.00019EPSS
CVE
CVE
added 2020/12/02 1:15 a.m.325 views

CVE-2020-25723

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the...

3.2CVSS5.5AI score0.00016EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.314 views

CVE-2018-3139

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mu...

3.1CVSS3.9AI score0.00134EPSS
CVE
CVE
added 2021/06/15 9:15 p.m.313 views

CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 by...

3.8CVSS5.3AI score0.00021EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.312 views

CVE-2020-14796

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS3.2AI score0.0013EPSS
CVE
CVE
added 2020/03/05 7:15 p.m.308 views

CVE-2019-20382

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

3.5CVSS4.8AI score0.00188EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.306 views

CVE-2019-2945

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS3.8AI score0.00265EPSS
CVE
CVE
added 2019/01/28 3:29 p.m.305 views

CVE-2019-3815

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the _CMDLINE= entry. A local attacker may use this flaw to make systemd-j...

3.3CVSS6AI score0.00199EPSS
CVE
CVE
added 2022/09/28 2:15 p.m.303 views

CVE-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

3.7CVSS5.6AI score0.00162EPSS
CVE
CVE
added 2023/07/18 9:15 p.m.302 views

CVE-2023-22036

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM...

3.7CVSS4.6AI score0.00059EPSS
CVE
CVE
added 2021/01/26 6:15 p.m.299 views

CVE-2020-29443

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.

3.9CVSS5.5AI score0.00044EPSS
CVE
CVE
added 2023/10/18 9:15 p.m.299 views

CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

3.6CVSS4AI score0.0049EPSS
CVE
CVE
added 2021/06/22 3:15 p.m.286 views

CVE-2021-34428

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a sess...

3.6CVSS3.9AI score0.00646EPSS
CVE
CVE
added 2024/04/16 10:15 p.m.282 views

CVE-2024-21085

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability a...

3.7CVSS3AI score0.0008EPSS
CVE
CVE
added 2024/04/16 10:15 p.m.281 views

CVE-2024-21012

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterp...

3.7CVSS2.8AI score0.00107EPSS
CVE
CVE
added 2024/04/16 10:15 p.m.279 views

CVE-2024-21094

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...

3.7CVSS3AI score0.00307EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.274 views

CVE-2018-3136

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mult...

3.4CVSS4.7AI score0.00165EPSS
CVE
CVE
added 2021/06/15 9:15 p.m.271 views

CVE-2021-3595

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or i...

3.8CVSS5.2AI score0.00018EPSS
CVE
CVE
added 2024/04/16 10:15 p.m.266 views

CVE-2024-21068

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle Gr...

3.7CVSS3AI score0.00398EPSS
CVE
CVE
added 2021/06/15 9:15 p.m.262 views

CVE-2021-3594

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or in...

3.8CVSS5.2AI score0.00018EPSS
CVE
CVE
added 2021/06/09 7:15 p.m.261 views

CVE-2020-24512

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

3.3CVSS5.8AI score0.00047EPSS
CVE
CVE
added 2020/04/13 7:15 p.m.255 views

CVE-2020-11736

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

3.9CVSS4AI score0.00062EPSS
CVE
CVE
added 2018/07/02 12:29 p.m.253 views

CVE-2018-13053

The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.

3.3CVSS6.6AI score0.00034EPSS
Total number of security vulnerabilities136