Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/01/19 12:15 p.m.•62 views

CVE-2022-21305

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5.3CVSS6.5AI score0.02755EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/01/14 7:15 p.m.•62 views

CVE-2021-45762

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gfsgvrmlmfreset. This vulnerability allows attackers to cause a Denial of Service DoS...

5.5CVSS6.8AI score0.00718EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2021/11/15 9:15 p.m.•62 views

CVE-2021-42377

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input...

9.8CVSS7.5AI score0.03379EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/11/02 11:15 p.m.•62 views

CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSGCRYPTO message type...

9.8CVSS7AI score0.5758EPSS
Exploits2References9
UbuntuCve
UbuntuCve
•added 2021/09/19 6:15 p.m.•62 views

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.8AI score0.1121EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/09/19 5:15 p.m.•62 views

CVE-2021-41073

looprwiter in fs/iouring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORINGOPPROVIDEBUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation...

7.8CVSS6.8AI score0.01719EPSS
Exploits2References7
UbuntuCve
UbuntuCve
•added 2021/06/10 7:15 a.m.•62 views

CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

7.3CVSS6.9AI score0.53191EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2021/05/11 6:0 p.m.•62 views

CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

2.6CVSS7AI score0.02592EPSS
Exploits2References9
UbuntuCve
UbuntuCve
•added 2020/08/14 2:15 p.m.•62 views

CVE-2020-12648

A cross-site scripting XSS vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...

6.1CVSS6.4AI score0.01811EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/07/13 12:0 a.m.•62 views

CVE-2020-9802

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code...

8.8CVSS6.9AI score0.08207EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2020/01/14 6:0 p.m.•62 views

CVE-2019-14615

Insufficient control flow in certain data structures for some IntelR Processors with IntelR Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access...

5.5CVSS6.8AI score0.01447EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2019/07/08 4:0 p.m.•62 views

CVE-2019-13132

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due...

9.8CVSS7.4AI score0.42464EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2019/07/05 12:0 a.m.•62 views

CVE-2019-10639

The Linux kernel 4.x starting from 4.1 and 5.x before 5.0.8 allows Information Exposure partial kernel address disclosure, leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols e.g....

7.5CVSS6.8AI score0.03252EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2019/04/15 12:0 a.m.•62 views

CVE-2019-11236

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS6.8AI score0.02056EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2018/05/31 8:29 p.m.•62 views

CVE-2016-10518

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but...

7.5CVSS7AI score0.02015EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/04/07 10:59 p.m.•62 views

CVE-2017-0561

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android...

10CVSS8AI score0.30032EPSS
Exploits4References2
UbuntuCve
UbuntuCve
•added 2016/10/19 12:0 a.m.•62 views

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."...

7.2CVSS7AI score0.83524EPSS
Exploits82References12
UbuntuCve
UbuntuCve
•added 2016/04/12 12:0 a.m.•62 views

CVE-2015-5370

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service application crash or CPU consumption, or possibly execute arbitrary code on a...

5.9CVSS7AI score0.19103EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/01/27 12:0 a.m.•62 views

CVE-2015-0231

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...

7.5CVSS7.1AI score0.42593EPSS
Exploits5References2
UbuntuCve
UbuntuCve
•added 2009/04/22 12:0 a.m.•62 views

CVE-2009-1309

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

4.3CVSS7.2AI score0.01351EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2008/12/23 12:0 a.m.•62 views

CVE-2008-5557

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...

10CVSS7.3AI score0.07371EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2003/12/31 5:0 a.m.•62 views

CVE-2003-1564

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, aka the "billion laughs...

9.3CVSS6.8AI score0.01619EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2024/06/11 2:0 p.m.•61 views

CVE-2024-35235

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...

6.7CVSS6.6AI score0.02421EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2024/06/06 7:15 p.m.•61 views

CVE-2024-23793

The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...

6.3CVSS6.1AI score0.00776EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/03/13 4:15 p.m.•61 views

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7.5CVSS6.9AI score0.23072EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2024/02/20 9:15 p.m.•61 views

CVE-2023-52439

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uioopen core-1 core-2 ------------------------------------------------------- uiounregisterdevice uioopen idev = idrfind deviceunregister&idev-dev putdevice&idev-dev uiodevicerelease getdevice&idev-dev...

7.8CVSS6.3AI score0.00299EPSS
Exploits0References22
UbuntuCve
UbuntuCve
•added 2023/12/21 8:15 p.m.•61 views

CVE-2023-6546

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting th...

7CVSS6.7AI score0.00767EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/11/03 8:15 a.m.•61 views

CVE-2023-46846

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3CVSS6.9AI score0.05298EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/08/22 7:16 p.m.•61 views

CVE-2020-20813

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet...

7.5CVSS7.1AI score0.00687EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/04/26 2:15 p.m.•61 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...

7.5CVSS7.1AI score0.01504EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/04/24 3:15 p.m.•61 views

CVE-2023-2251

Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5...

7.5CVSS7.1AI score0.01093EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/03/20 12:0 a.m.•61 views

CVE-2023-27533

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

9.8CVSS7.1AI score0.01993EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/01/17 6:0 p.m.•61 views

CVE-2022-23521

Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this...

9.8CVSS7.3AI score0.56334EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/11/28 10:15 p.m.•61 views

CVE-2022-4129

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service...

5.5CVSS6.7AI score0.00172EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2022/11/23 6:15 p.m.•61 views

CVE-2009-1142

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled...

6.7CVSS6.7AI score0.00265EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/11/07 12:0 a.m.•61 views

CVE-2022-42920

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...

9.8CVSS6.9AI score0.02836EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2022/11/01 10:15 p.m.•61 views

CVE-2022-3814

A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier o...

6.5CVSS5.8AI score0.00771EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/10/26 7:15 p.m.•61 views

CVE-2022-3668

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to t...

5.5CVSS5.6AI score0.00653EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/10/18 9:15 p.m.•61 views

CVE-2022-39399

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...

3.7CVSS6.8AI score0.01473EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/09/01 9:15 p.m.•61 views

CVE-2022-2663

An issue was found in the Linux kernel in nfconntrackirc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nfconntrackirc configured...

5.3CVSS6.6AI score0.01429EPSS
Exploits1References27
UbuntuCve
UbuntuCve
•added 2022/08/31 6:15 a.m.•61 views

CVE-2022-39046

An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...

7.5CVSS6.7AI score0.01567EPSS
Exploits3References2
UbuntuCve
UbuntuCve
•added 2022/07/08 11:42 a.m.•61 views

CVE-2022-24809

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a GET-NEXT to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...

6.5CVSS6.8AI score0.01105EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/06/27 12:0 a.m.•61 views

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5CVSS6.8AI score0.3197EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/06/09 12:0 a.m.•61 views

CVE-2022-28330

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi module...

5.3CVSS6.8AI score0.03398EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/05/11 4:15 p.m.•61 views

CVE-2021-3611

A stack overflow vulnerability was found in the Intel HD Audio device intel-hda of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects...

6.5CVSS6.7AI score0.00489EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/03/16 3:15 p.m.•61 views

CVE-2021-20299

A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability...

7.5CVSS7AI score0.0174EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/07 12:0 a.m.•61 views

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

7.8CVSS6.9AI score0.89063EPSS
Exploits100References7
UbuntuCve
UbuntuCve
•added 2022/02/18 5:15 a.m.•61 views

CVE-2022-25313

In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...

6.5CVSS6.8AI score0.03268EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/01/26 2:15 p.m.•61 views

CVE-2021-22600

A double free bug in packetsetring in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755...

7.2CVSS7AI score0.05918EPSS
Exploits2References10
UbuntuCve
UbuntuCve
•added 2022/01/13 12:0 a.m.•61 views

CVE-2021-4122

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that...

4.3CVSS7AI score0.0028EPSS
Exploits0References3
Total number of security vulnerabilities5000