Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
added 2022/07/27 12:0 a.m.105 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8CVSS6.5AI score0.00965EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/10/26 12:0 a.m.104 views

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS6.8AI score0.00508EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/04/11 12:15 p.m.104 views

CVE-2023-26917

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lyspstmtvalidatevalue at lysparsemem.c...

7.5CVSS7.1AI score0.00893EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2022/10/13 12:0 a.m.104 views

CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

9.8CVSS7.4AI score0.99931EPSS
Exploits42References3
UbuntuCve
UbuntuCve
added 2022/02/10 12:0 a.m.104 views

CVE-2022-0435

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...

9CVSS6.8AI score0.67994EPSS
Exploits2References9
UbuntuCve
UbuntuCve
added 2025/02/03 6:15 p.m.103 views

CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...

7.2CVSS7.2AI score0.00523EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2024/12/19 6:15 p.m.103 views

CVE-2024-38819

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.8AI score0.54862EPSS
Exploits6References2
UbuntuCve
UbuntuCve
added 2024/06/11 12:0 a.m.103 views

CVE-2024-5458

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

5.3CVSS6.8AI score0.12117EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2023/11/28 4:15 p.m.103 views

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS6.8AI score0.8581EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2023/10/27 3:15 p.m.103 views

CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

10CVSS7AI score0.99654EPSS
Exploits31References6
UbuntuCve
UbuntuCve
added 2023/07/25 4:15 a.m.103 views

CVE-2023-38745

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

6.3CVSS6.3AI score0.00247EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/05/15 3:15 p.m.103 views

CVE-2023-31616

An issue in the bifmod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS7.1AI score0.00905EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/02/14 5:0 p.m.103 views

CVE-2023-25725

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...

9.1CVSS7AI score0.05493EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/11/13 8:15 a.m.103 views

CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tifgetimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...

8.8CVSS6.2AI score0.01237EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2022/02/16 7:15 p.m.103 views

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...

9.8CVSS6.8AI score0.05279EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2021/10/21 3:15 p.m.103 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/11/05 2:15 p.m.103 views

CVE-2016-1000002

gdm3 3.14.2 and possibly later has an information leak before screen lock...

2.4CVSS5.8AI score0.00527EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/07/17 10:15 p.m.102 views

CVE-2023-37476

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...

7.8CVSS7.4AI score0.00632EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/06/14 6:15 p.m.102 views

CVE-2023-2976

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...

7.1CVSS6.7AI score0.00248EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/06/01 12:0 a.m.102 views

CVE-2022-31747

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

9.8CVSS7.3AI score0.00878EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2022/02/15 12:0 a.m.102 views

CVE-2022-25235

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

9.8CVSS6.9AI score0.04955EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2022/02/01 12:0 a.m.102 views

CVE-2021-3996

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves like /tmp or mounted in a...

5.5CVSS6.5AI score0.00634EPSS
Exploits3References4
UbuntuCve
UbuntuCve
added 2022/01/18 4:15 p.m.102 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists...

9CVSS6.9AI score0.52458EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2021/10/19 12:0 a.m.102 views

CVE-2021-20322

A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...

7.4CVSS6.7AI score0.06846EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/05/22 12:0 a.m.101 views

CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...

7.5CVSS7.3AI score0.51547EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/01/18 12:15 a.m.101 views

CVE-2023-21830

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows...

5.3CVSS6.8AI score0.01058EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/10/17 12:0 a.m.101 views

CVE-2022-3515

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

9.8CVSS6.7AI score0.01635EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2022/07/05 12:0 a.m.101 views

CVE-2022-34480

Within the lginit function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox 102...

8.8CVSS7.2AI score0.00542EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2017/01/04 12:0 a.m.101 views

CVE-2016-10009

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...

7.5CVSS7.2AI score0.37431EPSS
Exploits4References4
UbuntuCve
UbuntuCve
added 2012/08/27 9:55 p.m.101 views

CVE-2012-2129

Cross-site scripting XSS vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action...

4.3CVSS6AI score0.02564EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/11/06 4:15 p.m.100 views

CVE-2023-5678

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

5.3CVSS6.7AI score0.04459EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/08/15 12:0 a.m.100 views

CVE-2023-38858

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039...

6.5CVSS7.1AI score0.00898EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/08/15 12:0 a.m.100 views

CVE-2023-38856

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the getstring function in xlstool.c:411...

6.5CVSS6.8AI score0.00773EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/02/25 2:15 a.m.100 views

CVE-2023-26039

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

8.8CVSS7.3AI score0.01246EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/01/05 12:0 a.m.100 views

CVE-2022-31631

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

9.1CVSS6.9AI score0.02212EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2020/10/21 3:15 p.m.100 views

CVE-2020-14760

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

7.5CVSS6.8AI score0.01954EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/10/04 7:15 p.m.99 views

CVE-2023-39191

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAPBPF privileges to escalate privileges and...

8.2CVSS7AI score0.00516EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2022/12/21 12:0 a.m.99 views

CVE-2022-43551

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

7.5CVSS6.8AI score0.1654EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/03/14 11:15 a.m.99 views

CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...

9.8CVSS7.3AI score0.28189EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/02/11 6:15 a.m.99 views

CVE-2022-24958

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-buf release...

7.8CVSS6.8AI score0.00413EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2013/03/07 8:55 p.m.99 views

CVE-2010-5107

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service connection-slot exhaustion by periodically making many new TCP connections...

7.5CVSS6.8AI score0.1651EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2025/03/26 9:15 p.m.98 views

CVE-2025-31160

atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop...

2.9CVSS5.9AI score0.00192EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2023/12/06 12:0 a.m.98 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

6.3CVSS6.9AI score0.07879EPSS
Exploits9References3
UbuntuCve
UbuntuCve
added 2023/12/02 11:15 p.m.98 views

CVE-2023-47100

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-47038. Reason: This record is a duplicate of CVE-2023-47038. Notes: All CVE users should reference CVE-2023-47038 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...

6.7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/10/17 10:15 p.m.98 views

CVE-2023-22102

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...

8.3CVSS7.2AI score0.00872EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/10/10 6:15 p.m.98 views

CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2023/08/02 12:0 a.m.98 views

CVE-2023-3364

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...

7.5CVSS6.9AI score0.44675EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/02/07 8:15 p.m.98 views

CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS7.1AI score0.95302EPSS
Exploits8References3
UbuntuCve
UbuntuCve
added 2022/04/01 12:0 a.m.98 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

9.8CVSS7.5AI score0.99677EPSS
Exploits103References7
UbuntuCve
UbuntuCve
added 2021/12/16 12:0 a.m.98 views

CVE-2021-39685

In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7AI score0.00461EPSS
Exploits2References12
Total number of security vulnerabilities5000