Lucene search
+L

830 matches found

ubuntucve
ubuntucve
added 2024/07/22 12:0 a.m.11 views

CVE-2024-6714

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege...

8.8CVSS5.9AI score0.00263EPSS
Exploits1References3
ubuntucve
ubuntucve
added 2024/06/27 12:0 a.m.29 views

CVE-2024-6388

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext...

5.9CVSS5.8AI score0.00147EPSS
Exploits0References3
hackread
hackread
added 2024/05/29 12:1 p.m.15 views

Blocksquare Hits $100M Tokenized RWA Triggering Launchpad Release

By Uzair Amir Blocksquare, a leading real estate tokenization platform, announces a major milestone: $100 million worth of real estate tokenized… This is a post from HackRead.com Read the original post: Blocksquare Hits $100M Tokenized RWA Triggering Launchpad Release...

7.3AI score
Exploits0
githubexploit
githubexploit
added 2024/05/20 3:4 p.m.587 views

Exploit for Out-of-bounds Write in Treasuredata Fluent_Bit

CVE-2024-4323-Exploit-POC This proof-of-concept script demons...

9.8CVSS10AI score0.28309EPSS
Exploits3
ubuntucve
ubuntucve
added 2024/05/14 4:17 p.m.23 views

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.4AI score0.11007EPSS
Exploits2References4
ubuntucve
ubuntucve
added 2024/05/03 3:15 a.m.86 views

CVE-2023-42118

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing o...

8.8CVSS7.6AI score0.51474EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2024/04/17 8:15 a.m.31 views

CVE-2024-3837

Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.7AI score0.0094EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2024/02/29 1:42 a.m.51 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4.9CVSS6.3AI score0.00906EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2024/02/27 7:4 p.m.24 views

CVE-2021-46948

In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...

5.5CVSS5.7AI score0.00222EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2024/02/26 4:28 p.m.15 views

CVE-2024-27456

rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...

9.1CVSS7.1AI score0.00771EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2024/02/26 12:0 a.m.41 views

CVE-2023-52472

In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpialloc allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but...

5.5CVSS6.3AI score0.00272EPSS
Exploits0References10
ubuntucve
ubuntucve
added 2024/02/26 12:0 a.m.25 views

CVE-2023-52467

In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in ofsysconregister kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...

5.5CVSS6.3AI score0.00278EPSS
Exploits0References13
ubuntucve
ubuntucve
added 2024/02/14 12:0 a.m.25 views

CVE-2023-48733

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...

6.7CVSS6.8AI score0.00256EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2024/02/06 9:15 a.m.28 views

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit function, potentially leading to an application crash and denial of service...

5.5CVSS6.1AI score0.0049EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2024/01/25 9:15 p.m.22 views

CVE-2024-22636

PluXml Blog v5.8.9 was discovered to contain a remote code execution RCE vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field...

8.8CVSS7.8AI score0.01257EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2024/01/23 12:0 a.m.364 views

CVE-2022-4964

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set...

5.5CVSS6.1AI score0.00279EPSS
Exploits1References3
ubuntucve
ubuntucve
added 2024/01/17 4:15 p.m.62 views

CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS6.8AI score0.00308EPSS
Exploits0References16
ubuntucve
ubuntucve
added 2024/01/16 10:15 p.m.36 views

CVE-2024-0517

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.21697EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2024/01/12 9:15 p.m.27 views

CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

9.6CVSS7.2AI score0.02359EPSS
Exploits2References4
ubuntucve
ubuntucve
added 2023/12/14 12:0 a.m.24 views

CVE-2023-49342

Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

7.8CVSS7AI score0.00303EPSS
Exploits0References3
Rows per page
Query Builder