Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2016/09/25 10:59 a.m.•58 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

9.1CVSS7.3AI score0.01345EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2016/05/22 1:59 a.m.•58 views

CVE-2015-8879

The odbcbindcols function in ext/odbc/phpodbc.c in PHP before 5.6.12 mishandles driver behavior for SQLWVARCHAR columns, which allows remote attackers to cause a denial of service application crash in opportunistic circumstances by leveraging use of the odbcfetcharray function to access a certain...

7.5CVSS7.2AI score0.03419EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2014/08/18 11:15 a.m.•58 views

CVE-2014-5266

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service CPU consumption via a large document, a different vulnerability...

5CVSS5.9AI score0.24385EPSS
Exploits3References7
UbuntuCve
UbuntuCve
•added 2014/05/11 12:0 a.m.•58 views

CVE-2014-1737

The rawcmdcopyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device...

7.2CVSS6.4AI score0.00489EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2014/04/15 12:0 a.m.•58 views

CVE-2014-2423

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458...

7.5CVSS7.1AI score0.04976EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2013/11/26 12:0 a.m.•58 views

CVE-2013-6378

The lbsdebugfswrite function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service OOPS by leveraging root privileges for a zero-length write operation...

4.4CVSS6.8AI score0.00375EPSS
Exploits0References17
UbuntuCve
UbuntuCve
•added 2012/05/11 12:0 a.m.•58 views

CVE-2012-2336

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing command-line options...

5CVSS7.3AI score0.50723EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2012/04/18 10:33 a.m.•58 views

CVE-2012-0883

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

6.9CVSS7.4AI score0.00946EPSS
Exploits4References1
UbuntuCve
UbuntuCve
•added 2011/03/02 12:0 a.m.•58 views

CVE-2011-1072

The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the 1 downloaddir, 2 cachedir, 3 tmpdir, and 4 pear-build-download directories, a different vulnerability than CVE-2007-2519...

3.3CVSS5.9AI score0.00492EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2010/04/01 9:30 p.m.•58 views

CVE-2010-1224

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow...

4.3CVSS5.9AI score0.03547EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2009/09/02 5:30 p.m.•58 views

CVE-2009-0201

Heap-based buffer overflow in OpenOffice.org OOo before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."...

9.3CVSS6.2AI score0.06722EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2009/04/27 10:30 p.m.•58 views

CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

5CVSS7.2AI score0.02796EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2008/09/18 3:4 p.m.•58 views

CVE-2008-4109

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service connection sl...

5CVSS7.3AI score0.28601EPSS
Exploits6References2
UbuntuCve
UbuntuCve
•added 2008/04/10 7:5 p.m.•58 views

CVE-2008-1722

Multiple integer overflows in 1 filter/image-png.c and 2 filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service crash and trigger memory corruption, as demonstrated via a crafted PNG image...

4.3CVSS6.8AI score0.02EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2007/06/14 11:30 p.m.•58 views

CVE-2007-2449

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS6AI score0.77376EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/03/16 10:19 p.m.•58 views

CVE-2007-0450

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...

5CVSS6AI score0.90768EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2006/07/18 3:40 p.m.•58 views

CVE-2006-2450

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369...

7.5CVSS7.3AI score0.04283EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2005/01/10 5:0 a.m.•58 views

CVE-2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...

10CVSS7AI score0.07996EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/05/23 7:15 a.m.•57 views

CVE-2024-4835

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...

8.2CVSS5.9AI score0.00802EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2024/05/14 3:12 p.m.•57 views

CVE-2024-27397

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...

7CVSS6.4AI score0.00257EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2024/05/03 4:15 p.m.•57 views

CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

7.5CVSS6.8AI score0.0077EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2024/04/28 1:15 p.m.•57 views

CVE-2022-48642

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix percpu memory leak at nftablesaddchain It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a "netfilter: nftables: map basechain priority to hardware priority" wh...

5.5CVSS6.2AI score0.00232EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2024/04/25 5:15 p.m.•57 views

CVE-2024-28241

The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...

7.8CVSS7.1AI score0.00217EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2024/04/23 12:0 a.m.•57 views

CVE-2024-3651

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

7.5CVSS6.7AI score0.01386EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2024/03/22 12:0 a.m.•57 views

CVE-2024-29944

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox 124.0.1 and...

8.4CVSS7.4AI score0.047EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2024/03/18 11:15 a.m.•57 views

CVE-2024-26634

In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of initnet get "refunded" to initnet when that...

5.5CVSS6.3AI score0.00227EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2024/02/21 5:15 p.m.•57 views

CVE-2024-26130

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...

7.5CVSS6.7AI score0.00831EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2024/02/05 9:15 p.m.•57 views

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

7.5CVSS6.7AI score0.01118EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2024/01/31 10:15 p.m.•57 views

CVE-2024-23651

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessibl...

8.7CVSS6.9AI score0.00791EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2024/01/31 12:0 a.m.•57 views

CVE-2023-6246

A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

8.4CVSS7.1AI score0.04794EPSS
Exploits7References3
UbuntuCve
UbuntuCve
•added 2024/01/29 12:0 a.m.•57 views

CVE-2023-52340

The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c maxsize threshold that can be consumed easily, e.g., leading to a denial of service network is unreachable errors when IPv6 packets are sent in a loop via a raw socket...

7.5CVSS6.6AI score0.0094EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2024/01/23 12:0 a.m.•57 views

CVE-2023-40551

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase...

5.1CVSS6.9AI score0.00394EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2024/01/02 12:0 a.m.•57 views

CVE-2023-26159

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...

7.3CVSS6.8AI score0.00797EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/12/22 4:15 p.m.•57 views

CVE-2023-42465

Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...

7CVSS6.8AI score0.00541EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/12/18 10:15 a.m.•57 views

CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

9.8CVSS6.8AI score0.00753EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/12/13 9:15 p.m.•57 views

CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue...

6.2CVSS6.9AI score0.00514EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/11/16 3:15 p.m.•57 views

CVE-2023-6121

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer...

4.3CVSS6.8AI score0.01657EPSS
Exploits0References23
UbuntuCve
UbuntuCve
•added 2023/10/25 9:15 p.m.•57 views

CVE-2023-46137

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

5.3CVSS6.4AI score0.00766EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/10/17 10:15 p.m.•57 views

CVE-2023-22114

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS6.6AI score0.00983EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/09/18 5:15 p.m.•57 views

CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

6.5CVSS6.6AI score0.01508EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/09/08 12:15 p.m.•57 views

CVE-2023-4807

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8CVSS6.9AI score0.00862EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2023/07/24 4:15 p.m.•57 views

CVE-2023-3640

A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...

7.8CVSS6.7AI score0.00761EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2023/05/11 4:15 p.m.•57 views

CVE-2023-29400

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

7.3CVSS6.8AI score0.01037EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2023/05/03 12:16 p.m.•57 views

CVE-2022-40318

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

6.5CVSS6.8AI score0.01983EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2023/04/17 10:15 p.m.•57 views

CVE-2023-29197

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

7.5CVSS7AI score0.01216EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2023/03/17 7:15 a.m.•57 views

CVE-2023-1452

A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/loadtext.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit...

7.8CVSS6.2AI score0.00404EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/03/16 9:15 p.m.•57 views

CVE-2023-1390

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipclinkxmit hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization...

7.5CVSS6.7AI score0.05095EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/02/17 12:0 a.m.•57 views

CVE-2023-20032

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code...

9.8CVSS7.7AI score0.29314EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/02/14 10:0 a.m.•57 views

CVE-2023-22490

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...

5.5CVSS6.6AI score0.0071EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/12/26 6:15 a.m.•57 views

CVE-2021-38561

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...

7.5CVSS7.1AI score0.01356EPSS
Exploits0References2
Total number of security vulnerabilities5000