Lucene search
K

233 matches found

OSV
OSV
added 2022/03/03 9:15 p.m.2 views

UBUNTU-CVE-2022-24723

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...

5.3CVSS6.7AI score0.01995EPSS
Exploits1References6
OSV
OSV
added 2021/11/16 6:0 p.m.6 views

UBUNTU-CVE-2021-3939

Ubuntu-specific modifications to accountsservice in patch file debian/patches/0010-set-language.patch caused the fallbacklocale variable, pointing to static storage, to be freed, in the userchangelanguageauthorizedcb function. This is reachable via the SetLanguage dbus function. This is fixed in...

7.8CVSS5.8AI score0.00347EPSS
Exploits0References3
OSV
OSV
added 2021/04/17 5:15 a.m.5 views

DEBIAN-CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

7.8CVSS7.1AI score0.43988EPSS
Exploits27References1
OSV
OSV
added 2020/12/08 10:15 p.m.2 views

UBUNTU-CVE-2020-27755

in SetImageExtent of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. Th...

3.3CVSS6.8AI score0.00852EPSS
Exploits1References4
OSV
OSV
added 2020/11/23 4:3 p.m.14 views

USN-4640-1 pulseaudio vulnerability

James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information...

4.7CVSS5.8AI score0.00314EPSS
Exploits1References2
NCSC
NCSC
added 2020/11/18 12:0 a.m.2 views

Vulnerabilities fixed in OpenLDAP

Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server is able to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...

7.5CVSS9.4AI score0.02858EPSS
Exploits0
OSV
OSV
added 2019/09/30 12:0 a.m.3 views

UBUNTU-CVE-2018-16227

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-80211.c for the Mesh Flags subfield...

7.5CVSS6.6AI score0.06816EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/04/17 8:29 p.m.30 views

CVE-2018-10187

In radare2 2.5.0, there is a heap-based buffer over-read in the dalvikop function libr/anal/p/analdalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier...

5.5CVSS6.2AI score0.00909EPSS
Exploits1References2
OSV
OSV
added 2017/11/03 12:0 a.m.1 views

UBUNTU-CVE-2017-16528

sound/core/seqdevice.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service sndrawmididevseqfree use-after-free and system crash or possibly have unspecified other impact via a crafted USB device...

6.6CVSS6.7AI score0.00365EPSS
Exploits0References6
OSV
OSV
added 2017/02/23 12:0 a.m.1 views

UBUNTU-CVE-2017-6302

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."...

7.8CVSS7.1AI score0.01222EPSS
Exploits0References7
OSV
OSV
added 2016/08/25 12:0 a.m.2 views

UBUNTU-CVE-2016-7524

coders/meta.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds read via a crafted file...

6.5CVSS7AI score0.02186EPSS
Exploits1References3
Metasploit
Metasploit
added 2015/12/15 5:26 p.m.231 views

Joomla HTTP Header Unauthenticated Remote Code Execution

Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it's possible to truncate the input by sending an UTF-8 character. The custom created payload is then executed once the sessi...

9.8CVSS8.5AI score0.98283EPSS
Exploits16
OSV
OSV
added 2015/07/23 12:0 a.m.3 views

UBUNTU-CVE-2015-3290

arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window...

7.2CVSS6.7AI score0.01103EPSS
Exploits4References10
Rows per page
Query Builder