Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/09/30 12:0 a.m.•63 views

CVE-2022-41845

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4Array::EnsureCapacity in Core/Ap4Array.h...

5.5CVSS6.1AI score0.00341EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/06/05 10:15 p.m.•63 views

CVE-2022-32296

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 "Double-Hash Port Selection Algorithm" of RFC 6056...

3.3CVSS6.8AI score0.00426EPSS
Exploits1References20
UbuntuCve
UbuntuCve
•added 2022/06/02 2:15 p.m.•63 views

CVE-2022-1786

A use-after-free flaw was found in the Linux kernel’s iouring subsystem in the way a user sets up a ring with IORINGSETUPIOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system...

7.8CVSS6.7AI score0.01002EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/05/01 4:15 p.m.•63 views

CVE-2022-25844

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...

7.5CVSS6.7AI score0.04927EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•63 views

CVE-2021-0164

Improper access control in firmware for IntelR PROSet/Wireless Wi-Fi in multiple operating systems and KillerTM Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access...

7.8CVSS6.7AI score0.00302EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•63 views

CVE-2021-0168

Improper input validation in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS6.5AI score0.00311EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/11/02 9:15 p.m.•63 views

CVE-2021-37978

Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.4AI score0.00991EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2021/06/10 7:15 a.m.•63 views

CVE-2021-26690

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service...

7.5CVSS7.1AI score0.65067EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2021/05/11 6:0 p.m.•63 views

CVE-2020-24586

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that received fragments be cleared from memory after reconnecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using...

3.5CVSS6.9AI score0.05765EPSS
Exploits2References9
UbuntuCve
UbuntuCve
•added 2021/05/11 6:0 p.m.•63 views

CVE-2020-26146

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented...

5.3CVSS7AI score0.05622EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/05/04 1:30 p.m.•63 views

CVE-2020-28008

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory owned by a non-root user, an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution...

7.8CVSS7.1AI score0.00404EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2021/03/18 10:0 p.m.•63 views

CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This...

4.7CVSS7AI score0.00565EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/03/11 1:15 a.m.•63 views

CVE-2020-1899

The unserialize function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56....

7.5CVSS7.1AI score0.01218EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/03/03 12:0 a.m.•63 views

CVE-2021-0448

Unknown description...

5.8AI score
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/02/19 1:15 p.m.•63 views

CVE-2016-1000005

mcryptgetblocksize did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1...

9.8CVSS7.2AI score0.01392EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/11/12 6:0 p.m.•63 views

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

6.5CVSS7AI score0.03133EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2019/08/14 12:0 a.m.•63 views

CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...

6.1CVSS6.7AI score0.73981EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2017/11/21 2:29 p.m.•63 views

CVE-2017-5712

Buffer overflow in Active Management Technology AMT in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege...

9CVSS7.5AI score0.04407EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2014/10/16 12:55 a.m.•63 views

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5CVSS7AI score0.99974EPSS
Exploits20References4
UbuntuCve
UbuntuCve
•added 2014/09/24 12:0 a.m.•63 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

10CVSS7.5AI score0.99999EPSS
Exploits132References3
UbuntuCve
UbuntuCve
•added 2013/02/01 12:0 a.m.•63 views

CVE-2013-0440

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous...

5CVSS6.9AI score0.05532EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2012/10/26 12:0 a.m.•63 views

CVE-2012-4196

Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats...

6.4CVSS7.2AI score0.03287EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2011/03/29 12:0 a.m.•63 views

CVE-2011-1176

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...

4.3CVSS7.1AI score0.02721EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2009/01/07 7:30 p.m.•63 views

CVE-2009-0065

Buffer overflow in net/sctp/smstatefuns.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN aka FORWARD-TSN chunk with a large stream ID...

10CVSS6AI score0.1673EPSS
Exploits5References4
UbuntuCve
UbuntuCve
•added 2024/12/05 10:15 p.m.•62 views

CVE-2021-0937

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7AI score
Exploits0References3
UbuntuCve
UbuntuCve
•added 2024/05/17 10:15 a.m.•62 views

CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

9.1CVSS7.4AI score0.76618EPSS
Exploits5References2
UbuntuCve
UbuntuCve
•added 2024/04/26 12:15 a.m.•62 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5CVSS6.8AI score0.00307EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2024/03/10 12:0 a.m.•62 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...

7.5CVSS6.7AI score0.02006EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2024/02/22 12:0 a.m.•62 views

CVE-2024-26592

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbdtcpnewconnection The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on struct tcptransport in ksmbdtcpnewconnection function...

7.8CVSS6.4AI score0.00828EPSS
Exploits0References19
UbuntuCve
UbuntuCve
•added 2024/02/16 10:15 p.m.•62 views

CVE-2023-45918

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

6.8AI score
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/01/17 4:15 p.m.•62 views

CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS6.8AI score0.00308EPSS
Exploits0References16
UbuntuCve
UbuntuCve
•added 2023/10/17 8:15 a.m.•62 views

CVE-2023-4399

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the...

7.2CVSS7.1AI score0.01082EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/10/11 12:0 a.m.•62 views

CVE-2023-34324

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by remova...

4.9CVSS6.6AI score0.00888EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2023/10/05 9:15 p.m.•62 views

CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

8.1CVSS7AI score0.01762EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2023/08/22 7:16 p.m.•62 views

CVE-2021-30047

VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed...

7.5CVSS7.1AI score0.03073EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/06/20 3:15 p.m.•62 views

CVE-2020-20703

Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter...

9.8CVSS7AI score0.01514EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/02/27 8:15 p.m.•62 views

CVE-2022-32891

The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing...

6.1CVSS6.8AI score0.00705EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/02/16 7:15 a.m.•62 views

CVE-2023-0568

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...

8.1CVSS6.9AI score0.01242EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/01/05 8:15 a.m.•62 views

CVE-2019-25096

A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this...

6.1CVSS4AI score0.00616EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/12/15 7:15 p.m.•62 views

CVE-2022-42863

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.4AI score0.01119EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•62 views

CVE-2022-3199

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.01908EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/08/26 4:15 p.m.•62 views

CVE-2021-3669

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS...

5.5CVSS6.7AI score0.00281EPSS
Exploits0References17
UbuntuCve
UbuntuCve
•added 2022/07/27 12:0 a.m.•62 views

CVE-2022-36320

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 103...

9.8CVSS7.2AI score0.00656EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/04/03 9:15 p.m.•62 views

CVE-2022-28391

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors...

8.8CVSS7.3AI score0.03492EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/03/25 7:15 p.m.•62 views

CVE-2022-0995

An out-of-bounds OOB memory write flaw was found in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...

7.8CVSS6.7AI score0.06197EPSS
Exploits10References11
UbuntuCve
UbuntuCve
•added 2022/03/23 8:15 p.m.•62 views

CVE-2021-4156

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...

7.1CVSS7AI score0.01754EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/03/02 11:15 p.m.•62 views

CVE-2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL...

6.1CVSS6.8AI score0.26792EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/02/18 5:15 a.m.•62 views

CVE-2022-25315

In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames...

9.8CVSS6.9AI score0.04781EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•62 views

CVE-2021-0176

Improper input validation in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access...

4.4CVSS5.9AI score0.00266EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•62 views

CVE-2021-33114

Improper input validation for some IntelR PROSet/Wireless WiFi in multiple operating systems and KillerTM WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access...

5.7CVSS6.2AI score0.00495EPSS
Exploits0References2
Total number of security vulnerabilities5000