Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
added 2019/02/20 12:29 a.m.59 views

CVE-2019-7164

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter...

9.8CVSS7.2AI score0.03525EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2018/06/18 12:0 a.m.59 views

CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.18-2.4.30,2.4.33...

7.5CVSS6.8AI score0.17103EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/05/16 12:0 a.m.59 views

CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their...

9.8CVSS7AI score0.21979EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2018/05/08 5:0 p.m.59 views

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

7.8CVSS6.8AI score0.18842EPSS
Exploits9References6
UbuntuCve
UbuntuCve
added 2018/01/17 12:0 a.m.59 views

CVE-2018-2603

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

5.3CVSS6.7AI score0.06905EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/12/06 12:0 a.m.59 views

CVE-2017-17449

The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAPNETADMIN...

4.7CVSS6.8AI score0.00436EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2017/10/16 12:0 a.m.59 views

CVE-2017-13080

Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Group Temporal Key GTK during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients...

5.3CVSS7AI score0.02285EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2017/08/10 10:29 p.m.59 views

CVE-2016-6817

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible...

7.5CVSS7.1AI score0.0719EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2017/08/10 12:0 a.m.59 views

CVE-2017-7546

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password...

9.8CVSS6.9AI score0.61566EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/05/04 2:29 p.m.59 views

CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...

5.9CVSS6.5AI score0.26699EPSS
Exploits7References3
UbuntuCve
UbuntuCve
added 2017/04/05 12:0 a.m.59 views

CVE-2017-2671

The pingunhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service panic by leveraging access to the protocol value of...

5.5CVSS6.8AI score0.01463EPSS
Exploits2References10
UbuntuCve
UbuntuCve
added 2017/01/19 12:0 a.m.59 views

CVE-2017-3272

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

9.6CVSS7.2AI score0.03022EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2016/12/31 12:0 a.m.59 views

CVE-2016-5547

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network...

5.3CVSS6.8AI score0.03533EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2014/09/28 12:0 a.m.59 views

CVE-2014-3184

The reportfixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service out-of-bounds write via a crafted device that provides a small report descriptor, related to 1 drivers/hid/hid-cherry.c, 2 drivers/hid/hid-kye.c...

4.7CVSS6.8AI score0.00397EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2014/05/11 12:0 a.m.59 views

CVE-2014-3145

The BPFSANCNLATTRNEST extension implementation in the skrunfilter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service over-read and system crash via crafted BPF instructions. NOTE:...

4.9CVSS6.7AI score0.00649EPSS
Exploits1References15
UbuntuCve
UbuntuCve
added 2013/04/09 8:55 p.m.59 views

CVE-2013-0285

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

7.5CVSS6AI score0.02312EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/02/28 12:0 a.m.59 views

CVE-2013-0343

The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service excessive retries and address-generation outage, and consequently...

3.2CVSS7.2AI score0.0181EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2013/01/10 12:0 a.m.59 views

CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by 1 using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...

10CVSS7.6AI score0.97612EPSS
Exploits38References14
UbuntuCve
UbuntuCve
added 2012/07/20 12:0 a.m.59 views

CVE-2012-2688

Unspecified vulnerability in the phpstreamscandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."...

10CVSS7.2AI score0.10467EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2011/03/19 12:0 a.m.59 views

CVE-2011-0708

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service application crash via an image with a crafted Image File Directory IFD that triggers a buffer over-read...

4.3CVSS7.4AI score0.09826EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2011/03/02 12:0 a.m.59 views

CVE-2011-0762

The vsffilenamepassesfilter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service CPU consumption and process slot exhaustion via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632...

4CVSS6.7AI score0.73946EPSS
Exploits9References2
UbuntuCve
UbuntuCve
added 2011/01/03 12:0 a.m.59 views

CVE-2010-3875

The ax25getname function in net/ax25/afax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...

2.1CVSS5.9AI score0.00392EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2010/10/13 12:0 a.m.59 views

CVE-2010-3704

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code v...

6.8CVSS6.8AI score0.03597EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2010/09/10 7:0 p.m.59 views

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, related...

9.3CVSS6AI score0.61319EPSS
Exploits13References2
UbuntuCve
UbuntuCve
added 2009/08/13 12:0 a.m.59 views

CVE-2009-2692

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in protoops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on...

7.8CVSS7AI score0.14633EPSS
Exploits18References2
UbuntuCve
UbuntuCve
added 2009/06/09 5:30 p.m.59 views

CVE-2009-0791

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PDF file that trigger...

6.8CVSS6.3AI score0.05544EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2006/04/20 10:2 a.m.59 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6CVSS6.3AI score0.01278EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/20 5:15 p.m.58 views

CVE-2025-26311

Multiple memory leaks have been identified in the clip actions parsing functions parseSWFCLIPACTIONS and parseSWFCLIPACTIONRECORD in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file...

6.5CVSS5.8AI score0.00361EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2024/11/18 12:0 a.m.58 views

CVE-2023-39180

A flaw was found within the handling of SMB2READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required ...

7.5CVSS5.8AI score0.01381EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/07/04 12:0 a.m.58 views

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

6.2CVSS6.7AI score0.00889EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/22 12:0 a.m.58 views

CVE-2024-5160

Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.4AI score0.00612EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2024/04/28 12:15 p.m.58 views

CVE-2024-26927

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head-fullsize - head-headersize" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...

8.4CVSS6.4AI score0.00293EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2024/03/21 11:15 p.m.58 views

CVE-2024-28863

node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few...

6.5CVSS6.6AI score0.00929EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2024/01/25 8:15 p.m.58 views

CVE-2023-52355

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64 API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB...

7.5CVSS6.8AI score0.01725EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/01/11 7:15 p.m.58 views

CVE-2023-51782

An issue was discovered in the Linux kernel before 6.6.8. roseioctl in net/rose/afrose.c has a use-after-free because of a roseaccept race condition...

7CVSS6.7AI score0.00305EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2023/12/04 9:15 a.m.58 views

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

7.5CVSS6.9AI score0.00682EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/09/12 12:0 a.m.58 views

CVE-2023-36796

Visual Studio Remote Code Execution Vulnerability...

7.8CVSS7.2AI score0.01441EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/07/10 4:15 p.m.58 views

CVE-2023-1183

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker...

5.5CVSS6.3AI score0.64635EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/06/05 4:15 p.m.58 views

CVE-2023-33733

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file...

7.8CVSS7.2AI score0.02123EPSS
Exploits6References4
UbuntuCve
UbuntuCve
added 2023/06/02 5:15 p.m.58 views

CVE-2023-28159

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 111...

4.3CVSS6.7AI score0.00348EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/05/17 6:0 a.m.58 views

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

5.9CVSS6.8AI score0.0181EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2023/05/15 6:15 a.m.58 views

CVE-2023-32784

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system. The...

7.5CVSS7.2AI score0.04397EPSS
Exploits5References3
UbuntuCve
UbuntuCve
added 2023/05/08 12:0 a.m.58 views

CVE-2023-1999

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...

7.5CVSS6.8AI score0.00952EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/01/20 7:15 p.m.58 views

CVE-2022-47015

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spiderdbmbase::printwarnings to dereference a null pointer...

6.5CVSS6.8AI score0.01486EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/12/13 3:15 p.m.58 views

CVE-2022-45685

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data...

7.5CVSS7.1AI score0.01395EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/10/25 5:15 p.m.58 views

CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

7.5CVSS7.1AI score0.0232EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/10/14 4:15 p.m.58 views

CVE-2022-37603

A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js...

7.5CVSS6.8AI score0.02029EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/10/14 12:15 a.m.58 views

CVE-2022-42720

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to trigger use-after-free conditions to potentially execute code...

7.8CVSS6.8AI score0.00798EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2022/10/03 2:15 p.m.58 views

CVE-2022-41430

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4BitReader::ReadBit function in mp4mux...

8.8CVSS7.2AI score0.00718EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/10/02 5:15 a.m.58 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS6.8AI score0.02706EPSS
Exploits2References5
Total number of security vulnerabilities5000