Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
added 2010/12/06 9:5 p.m.66 views

CVE-2010-4252

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol...

7.5CVSS7.2AI score0.08076EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2009/10/23 7:30 p.m.66 views

CVE-2009-3765

muttssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

6.8CVSS7AI score0.01084EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/04/22 12:0 a.m.65 views

CVE-2024-58250

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

9.3CVSS5.8AI score0.00208EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/10 12:0 a.m.65 views

CVE-2024-33655

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service resource consumption by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst which can be considered traffic amplification in some cases, aka the...

7.5CVSS7AI score0.01743EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/02/12 5:15 a.m.65 views

CVE-2024-25744

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/memencryptamd.c...

8.8CVSS6.7AI score0.00278EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2023/12/22 4:15 a.m.65 views

CVE-2023-24609

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB in RAM. With a large number of crafted TLS messages, the CPU...

7.5CVSS7.1AI score0.00731EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/12/18 10:15 a.m.65 views

CVE-2023-32725

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user...

9.6CVSS7.2AI score0.00849EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/11/30 7:15 a.m.65 views

CVE-2023-49081

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

7.2CVSS6.7AI score0.00882EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2023/10/10 12:0 a.m.65 views

CVE-2023-3961

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...

9.8CVSS6.9AI score0.02409EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/09/14 12:0 a.m.65 views

CVE-2023-42503

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...

5.5CVSS6.8AI score0.00489EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/07/25 9:15 p.m.65 views

CVE-2023-37920

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted ...

9.8CVSS6.9AI score0.00468EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/07/19 12:0 a.m.65 views

CVE-2023-3446

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5.3CVSS6.6AI score0.05533EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2023/03/16 12:15 a.m.65 views

CVE-2023-28466

dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...

7CVSS6.8AI score0.00273EPSS
Exploits0References16
UbuntuCve
UbuntuCve
added 2023/03/13 1:15 a.m.65 views

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS7.1AI score0.01409EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/02/28 6:15 p.m.65 views

CVE-2022-41725

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...

7.5CVSS6.7AI score0.01231EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/02/16 7:15 a.m.65 views

CVE-2023-0662

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

7.5CVSS6.8AI score0.01408EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/01/10 10:15 p.m.65 views

CVE-2022-4337

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch...

9.8CVSS7.2AI score0.01324EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/10/19 10:15 p.m.65 views

CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttpmp4module that might allow a local attacker to cause a worker process crash, or might...

7.1CVSS7.1AI score0.01069EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2022/08/22 7:15 p.m.65 views

CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIG2Stream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by...

7.8CVSS7.2AI score0.00314EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/07/19 5:37 p.m.65 views

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS6.8AI score0.33623EPSS
Exploits2References8
UbuntuCve
UbuntuCve
added 2022/06/15 9:15 p.m.65 views

CVE-2022-21166

Incomplete cleanup in specific special register write operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

5.5CVSS6.8AI score0.05899EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2022/06/02 2:15 p.m.65 views

CVE-2022-1949

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows...

7.5CVSS6.9AI score0.01394EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/04/19 9:15 p.m.65 views

CVE-2022-21449

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...

7.5CVSS7.3AI score0.48235EPSS
Exploits6References6
UbuntuCve
UbuntuCve
added 2022/02/18 6:15 p.m.65 views

CVE-2021-20325

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be...

10CVSS7.1AI score0.01593EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/02/16 9:15 p.m.65 views

CVE-2022-25265

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 e.g., with GCC 3.2.2 and Linux kernel 2.4.20. This can cause execution of bytes located in supposedly non-executable regions of a file...

7.8CVSS7AI score0.01054EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/02/16 5:15 p.m.65 views

CVE-2021-3648

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate is a reservation duplicate of CVE-2021-3530. Notes: All CVE users should reference CVE-2021-3530 instead of this candidate. All references and descriptions in this candidate have been removed to...

7.2AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/01/28 12:0 a.m.65 views

CVE-2022-22942

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer...

7.8CVSS6.8AI score0.02579EPSS
Exploits3References10
UbuntuCve
UbuntuCve
added 2021/12/07 10:15 p.m.65 views

CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...

7.5CVSS7.1AI score0.03206EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2021/12/03 8:15 p.m.65 views

CVE-2021-23562

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...

8.8CVSS7.2AI score0.00993EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2021/10/26 12:0 a.m.65 views

CVE-2021-3760

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability...

7.8CVSS6.7AI score0.00354EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2021/08/02 4:15 a.m.65 views

CVE-2021-35477

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled...

5.5CVSS6.7AI score0.0046EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2021/06/15 10:15 p.m.65 views

CVE-2021-30551

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.64701EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2021/05/20 1:15 p.m.65 views

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

6.5CVSS6.6AI score0.01327EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/04/20 5:34 p.m.65 views

CVE-2021-2163

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...

5.3CVSS6.6AI score0.03566EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/03/20 8:15 p.m.65 views

CVE-2021-28950

An issue was discovered in fs/fuse/fusei.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1...

5.5CVSS6.8AI score0.0036EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2021/01/14 3:15 p.m.65 views

CVE-2021-23926

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...

9.1CVSS6.8AI score0.06215EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/11/02 12:0 a.m.65 views

CVE-2020-28032

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php...

9.8CVSS7.2AI score0.16119EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2019/11/04 4:15 p.m.65 views

CVE-2019-18683

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during...

7CVSS6.8AI score0.00985EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2019/01/09 5:29 a.m.65 views

CVE-2016-10735

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...

6.1CVSS6.7AI score0.0404EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2018/04/29 12:0 a.m.65 views

CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exifreaddata in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exifiifaddvalue mishandles the case of a MakerNote that lacks a final '\0' character...

8.8CVSS7.2AI score0.07159EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/12/05 12:0 a.m.65 views

CVE-2017-8824

The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...

7.8CVSS6.8AI score0.01344EPSS
Exploits5References11
UbuntuCve
UbuntuCve
added 2014/02/28 12:0 a.m.65 views

CVE-2014-0069

The cifsiovecwrite function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service memory...

7.2CVSS6.5AI score0.00414EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2012/05/11 10:15 a.m.65 views

CVE-2012-2329

Buffer overflow in the apacherequestheaders function in sapi/cgi/cgimain.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service application crash via a long string in the header of an HTTP request...

5CVSS5.9AI score0.62649EPSS
Exploits6References5
UbuntuCve
UbuntuCve
added 2010/12/09 12:0 a.m.65 views

CVE-2010-3770

Multiple cross-site scripting XSS vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via 1 x-mac-arabic, 2 x-mac-farsi, or 3 x-mac-hebrew characters that may b...

4.3CVSS7.2AI score0.04451EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2008/05/13 5:20 p.m.65 views

CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys...

7.8CVSS6.9AI score0.70721EPSS
Exploits8References6
UbuntuCve
UbuntuCve
added 2007/08/28 1:17 a.m.65 views

CVE-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

9.8CVSS6.9AI score0.27095EPSS
Exploits3References3
UbuntuCve
UbuntuCve
added 2024/09/19 5:15 p.m.64 views

CVE-2024-31570

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file...

9.8CVSS6AI score0.00605EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/11/01 5:15 p.m.64 views

CVE-2023-5178

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead t...

8.8CVSS6.7AI score0.09141EPSS
Exploits2References22
UbuntuCve
UbuntuCve
added 2023/10/15 1:15 a.m.64 views

CVE-2023-45871

An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU...

7.5CVSS6.9AI score0.00544EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2023/10/03 5:0 p.m.64 views

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS7.2AI score0.81422EPSS
Exploits28References4
Total number of security vulnerabilities5000