Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2017/08/20 8:29 p.m.•43 views

CVE-2017-12976

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117...

8.8CVSS6.9AI score0.0267EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/08/10 5:0 p.m.•43 views

CVE-2017-1000112

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSGMORE ipappenddata calls ipufoappenddata to append. However in between two send calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In...

7CVSS6.7AI score0.20797EPSS
Exploits19References8
UbuntuCve
UbuntuCve
•added 2017/08/08 3:29 p.m.•43 views

CVE-2017-10125

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly...

7.1CVSS6.9AI score0.0063EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/07/17 1:18 p.m.•43 views

CVE-2017-1000035

Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...

6.1CVSS6.3AI score0.00888EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/07/10 6:29 p.m.•43 views

CVE-2017-11163

Cross-site scripting XSS vulnerability in aggregategraphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancelurl variable...

5.4CVSS6.9AI score0.01277EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/05/29 4:29 a.m.•43 views

CVE-2016-10377

In Open vSwitch OvS 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in lib/flow.c in the function miniflowextract, permitting remote bypass of the access control list enforced by the switch...

8.8CVSS7.3AI score0.00943EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/05/23 6:29 p.m.•43 views

CVE-2017-0374

lib/Config/Model.pm in Config-Model aka libconfig-model-perl before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array...

7.8CVSS7.1AI score0.00404EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/05/23 4:29 a.m.•43 views

CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...

9.8CVSS7AI score0.0755EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2017/05/21 6:29 p.m.•43 views

CVE-2014-9970

jasypt before 1.9.2 allows a timing attack against the password hash comparison...

7.5CVSS6.8AI score0.02432EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/04/03 5:59 a.m.•43 views

CVE-2016-10222

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service segmentation violation and application crash via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...

7.5CVSS7.2AI score0.01724EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2017/04/03 12:0 a.m.•43 views

CVE-2016-10317

The fillthreshholdbuffer function in base/gxhtthresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document...

7.8CVSS7.1AI score0.02282EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/04/03 12:0 a.m.•43 views

CVE-2016-10217

The pdf14open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted file that is mishandled in the color management module...

5.5CVSS6.8AI score0.01459EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/02/06 12:0 a.m.•43 views

CVE-2017-5551

The simplesetacl function in fs/posixacl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOT...

4.4CVSS6.8AI score0.00404EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2017/01/27 12:0 a.m.•43 views

CVE-2016-10003

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients...

7.5CVSS6.8AI score0.04772EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2016/12/13 7:59 p.m.•43 views

CVE-2016-6706

An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to...

9.3CVSS7.2AI score0.00749EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/10/10 10:59 a.m.•43 views

CVE-2015-8956

The rfcommsockbind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service NULL pointer dereference via vectors involving a bind system call on a Bluetooth RFCOMM socket...

6.1CVSS6.8AI score0.00223EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/09/16 12:0 a.m.•43 views

CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

7.5CVSS7AI score0.26441EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2016/09/11 12:0 a.m.•43 views

CVE-2016-7127

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact by providing different signs for the second an...

9.8CVSS7.1AI score0.06842EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2016/07/04 12:0 a.m.•43 views

CVE-2016-4956

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service interleaved-mode transition and time change via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548...

5.3CVSS6.8AI score0.16351EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/06/29 2:10 p.m.•43 views

CVE-2012-6703

Integer overflow in the sndcomprallocatebuffer function in sound/core/compressoffload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service insufficient memory allocation or possibly have unspecified other impact via a crafted...

7.8CVSS6.3AI score0.00318EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2016/06/07 6:59 p.m.•43 views

CVE-2016-3087

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! exclamation mark operator to the REST Plugin...

9.8CVSS7.4AI score0.81087EPSS
Exploits4References2
UbuntuCve
UbuntuCve
•added 2016/05/23 12:0 a.m.•43 views

CVE-2016-4569

The sndtimeruserparams function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface...

5.5CVSS6.8AI score0.00835EPSS
Exploits0References17
UbuntuCve
UbuntuCve
•added 2016/05/21 12:0 a.m.•43 views

CVE-2015-8876

Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash or trigger unintended method execution via crafted...

9.8CVSS7.3AI score0.07705EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2016/05/06 12:0 a.m.•43 views

CVE-2016-4538

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibl...

9.8CVSS7.2AI score0.06229EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2016/05/02 12:0 a.m.•43 views

CVE-2016-3136

The mctu232msrtostate function in drivers/usb/serial/mctu232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a crafted USB device without two interrupt-in endpoint descriptors...

4.9CVSS6.8AI score0.01797EPSS
Exploits2References17
UbuntuCve
UbuntuCve
•added 2016/04/27 5:59 p.m.•43 views

CVE-2016-3139

The wacomprobe function in drivers/input/tablet/wacomsys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a crafted endpoints value in a USB device descriptor...

4.9CVSS6.8AI score0.0179EPSS
Exploits2References6
UbuntuCve
UbuntuCve
•added 2016/04/27 12:0 a.m.•43 views

CVE-2016-2808

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service generation-count overflow, out-of-bounds HashMap write access, and...

7.5CVSS7.5AI score0.02064EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/04/13 3:59 p.m.•43 views

CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...

6.5CVSS6.8AI score0.00381EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/03/13 10:59 p.m.•43 views

CVE-2016-1645

Multiple integer signedness errors in the opjj2kupdateimagedata function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service incorrect cast and out-of-bounds write or possibly have unspecified other impact via crafted...

9.3CVSS7.2AI score0.01981EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2016/02/24 12:0 a.m.•43 views

CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

6.2CVSS6.8AI score0.00481EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2016/02/13 2:59 a.m.•43 views

CVE-2015-8631

Multiple memory leaks in kadmin/server/serverstubs.c in kadmind in MIT Kerberos 5 aka krb5 before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service memory consumption via a request specifying a NULL principal name...

6.5CVSS6.8AI score0.04643EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2016/01/19 12:0 p.m.•43 views

CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

7.8CVSS7AI score0.03646EPSS
Exploits14References10
UbuntuCve
UbuntuCve
•added 2015/11/26 12:0 a.m.•43 views

CVE-2015-8364

Integer overflow in the ffiviinitplanes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service out-of-bounds heap-memory access or possibly have unspecified other impact via crafted image dimensions in...

6.8CVSS7.2AI score0.02069EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2015/11/16 9:59 p.m.•43 views

CVE-2015-2924

The receivera function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery ND protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hoplimit value in a Router Advertisement RA message, a similar issue to CVE-2015-2922...

3.3CVSS7.2AI score0.01204EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2015/10/22 12:0 a.m.•43 views

CVE-2015-7692

The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750...

7.5CVSS7.2AI score0.07336EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/10/15 10:59 a.m.•43 views

CVE-2015-6760

The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service invalid read or write or possibly have unspecified other impact v...

7.5CVSS7.3AI score0.01396EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/10/01 12:59 a.m.•43 views

CVE-2015-1541

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a 1 FLAGGRANTREADURIPERMISSION or 2...

4.3CVSS5.9AI score0.00477EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/10/01 12:59 a.m.•43 views

CVE-2014-7916

Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751...

10CVSS6AI score0.00623EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/10/01 12:59 a.m.•43 views

CVE-2015-1528

Integer overflow in the nativehandlecreate function in libcutils/nativehandle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service Binder heap memory corruption via a crafted application, aka internal bug 19334482...

9.3CVSS5.9AI score0.02742EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/09/09 12:0 a.m.•43 views

CVE-2015-6834

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to 1 the Serializable interface, 2 the SplObjectStorage class, and 3 the SplDoublyLinkedList class, which are mishandled...

9.8CVSS7.3AI score0.46801EPSS
Exploits4References3
UbuntuCve
UbuntuCve
•added 2015/08/27 12:0 a.m.•43 views

CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. dot dot in a ZIP archive entry that is mishandled during an extractTo call...

7.5CVSS7.2AI score0.04837EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/07/20 1:59 a.m.•43 views

CVE-2015-0157

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service daemon crash by leveraging an unspecified scalar function in a SQL statement...

6.8CVSS7.2AI score0.02519EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2015/04/24 12:0 a.m.•43 views

CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service integer overflow and stack-based buffer overflow or possibly have unspecifie...

7.5CVSS7.1AI score0.05684EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/03/30 10:59 a.m.•43 views

CVE-2013-6501

The default soap.wsdlcachedir setting in 1 php.ini-production and 2 php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the getsdl...

4.6CVSS6.8AI score0.00578EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2015/03/08 12:0 a.m.•43 views

CVE-2015-1228

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service...

7.5CVSS7.3AI score0.01371EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2015/01/22 12:0 a.m.•43 views

CVE-2014-7927

The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified oth...

7.5CVSS7.3AI score0.04199EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2015/01/21 12:0 a.m.•43 views

CVE-2014-6585

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591...

2.6CVSS6.8AI score0.04297EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2015/01/08 12:0 a.m.•43 views

CVE-2014-3571

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake bod...

5CVSS6.8AI score0.22964EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/01/04 9:59 p.m.•43 views

CVE-2014-9509

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact possibly resource consumption via a "Cache Poisoning" attack using a...

7.5CVSS6AI score0.01496EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2014/11/10 12:0 a.m.•43 views

CVE-2014-3673

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/smstatefuns.c...

7.8CVSS6.8AI score0.07461EPSS
Exploits1References9
Total number of security vulnerabilities5000