Lucene search
+L
UbuntucveMost viewed

71772 matches found

ubuntucve
ubuntucve
•added 2023/11/01 12:0 a.m.•56 views

CVE-2023-46930

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gfisomfindodidfortrack /afltest/gpac/src/isomedia/mediaodf.c:522:14...

5.5CVSS6.1AI score0.00206EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2023/10/03 12:0 a.m.•56 views

CVE-2023-4732

A flaw was found in pfnswapentrytopage in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmdt x...

4.7CVSS6.6AI score0.00179EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2023/09/08 12:15 p.m.•56 views

CVE-2023-4807

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8CVSS6.9AI score0.00862EPSS
Exploits0References7
ubuntucve
ubuntucve
•added 2023/06/30 10:15 p.m.•56 views

CVE-2023-1206

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6...

5.7CVSS6.6AI score0.00553EPSS
Exploits0References17
ubuntucve
ubuntucve
•added 2023/03/15 9:15 p.m.•56 views

CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...

7.5CVSS7.1AI score0.01345EPSS
Exploits0References7
ubuntucve
ubuntucve
•added 2023/02/15 12:0 a.m.•56 views

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

6.5CVSS6.8AI score0.01703EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2023/01/23 4:15 p.m.•56 views

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

7.5CVSS7.2AI score0.02383EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2023/01/11 12:0 a.m.•56 views

CVE-2023-0210

A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems...

7.5CVSS6.7AI score0.71737EPSS
Exploits1References10
ubuntucve
ubuntucve
•added 2022/12/26 6:15 a.m.•56 views

CVE-2021-38561

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...

7.5CVSS7.1AI score0.01356EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/12/12 6:15 p.m.•56 views

CVE-2022-41881

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...

7.5CVSS6.8AI score0.01466EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2022/11/16 12:0 a.m.•56 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

6.1CVSS6.9AI score0.00575EPSS
Exploits0References6
ubuntucve
ubuntucve
•added 2022/09/26 12:0 a.m.•56 views

CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS6.8AI score0.01975EPSS
Exploits1References5
ubuntucve
ubuntucve
•added 2022/09/19 10:15 p.m.•56 views

CVE-2022-35063

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8...

6.5CVSS6.8AI score0.00767EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2022/09/15 12:15 a.m.•56 views

CVE-2018-25047

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user...

5.4CVSS6.1AI score0.00857EPSS
Exploits1References8
ubuntucve
ubuntucve
•added 2022/09/13 2:15 p.m.•56 views

CVE-2022-2990

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

7.1CVSS7AI score0.00331EPSS
Exploits1References5
ubuntucve
ubuntucve
•added 2022/09/13 2:15 p.m.•56 views

CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...

7.1CVSS6.9AI score0.00307EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2022/09/01 9:15 p.m.•56 views

CVE-2022-32743

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...

7.5CVSS6.9AI score0.01147EPSS
Exploits1References1
ubuntucve
ubuntucve
•added 2022/08/31 12:0 a.m.•56 views

CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...

3.7CVSS6.8AI score0.01839EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2022/08/24 4:15 p.m.•56 views

CVE-2021-4041

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansiblerunner.interface.runcommand, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

7.8CVSS7.1AI score0.0031EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/08/18 12:0 a.m.•56 views

CVE-2022-6083

freeciv modpack installer buffer overflow...

6AI score
Exploits0References2
ubuntucve
ubuntucve
•added 2022/08/10 8:15 p.m.•56 views

CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

7.5CVSS6.8AI score0.0199EPSS
Exploits1References5
ubuntucve
ubuntucve
•added 2022/07/27 12:0 a.m.•56 views

CVE-2022-32744

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover...

8.8CVSS6.7AI score0.00956EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/05/19 3:15 p.m.•56 views

CVE-2022-22978

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an...

9.8CVSS6.8AI score0.10689EPSS
Exploits6References2
ubuntucve
ubuntucve
•added 2022/04/12 5:15 p.m.•56 views

CVE-2021-39802

In changepterange of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS7.3AI score0.00145EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/04/04 5:15 p.m.•56 views

CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

7.5CVSS6.8AI score0.05664EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/03/16 5:15 p.m.•56 views

CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

7.5CVSS6.8AI score0.02448EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/03/03 3:15 p.m.•56 views

CVE-2022-22706

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0...

7.8CVSS7.3AI score0.01226EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2022/03/02 11:15 p.m.•56 views

CVE-2021-4076

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys...

7.5CVSS7.1AI score0.0154EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/03/02 12:0 a.m.•56 views

CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to...

7.5CVSS6.7AI score0.27392EPSS
Exploits4References5
ubuntucve
ubuntucve
•added 2022/02/21 8:15 p.m.•56 views

CVE-2022-0696

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428...

6.2CVSS6.8AI score0.01525EPSS
Exploits1References6
ubuntucve
ubuntucve
•added 2022/02/18 6:15 p.m.•56 views

CVE-2021-3947

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvmechangednslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...

5.5CVSS6.8AI score0.00317EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2022/02/11 6:15 a.m.•56 views

CVE-2022-24959

An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yamsiocdevprivate in drivers/net/hamradio/yam.c...

5.5CVSS6.8AI score0.00428EPSS
Exploits0References8
ubuntucve
ubuntucve
•added 2022/01/01 5:15 a.m.•56 views

CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...

7.5CVSS6.8AI score0.03222EPSS
Exploits1References6
ubuntucve
ubuntucve
•added 2021/11/15 9:15 p.m.•56 views

CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input...

5.5CVSS6.9AI score0.00399EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2021/11/10 6:15 p.m.•56 views

CVE-2021-3572

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1...

5.7CVSS6.8AI score0.01687EPSS
Exploits2References6
ubuntucve
ubuntucve
•added 2021/09/07 7:15 p.m.•56 views

CVE-2021-35949

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share...

5.3CVSS6.1AI score0.00909EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2021/09/03 2:15 p.m.•56 views

CVE-2021-39191

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of modauthopenidc was reported to ...

6.1CVSS6.7AI score0.0175EPSS
Exploits1References5
ubuntucve
ubuntucve
•added 2021/04/06 7:15 p.m.•56 views

CVE-2021-28688

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in...

6.5CVSS6.8AI score0.00332EPSS
Exploits0References8
ubuntucve
ubuntucve
•added 2021/04/01 3:15 p.m.•56 views

CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...

4CVSS6.8AI score0.0418EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2021/03/22 9:15 a.m.•56 views

CVE-2021-28964

A race condition was discovered in getoldroot in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service BUG because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc...

4.7CVSS6.9AI score0.00267EPSS
Exploits0References8
ubuntucve
ubuntucve
•added 2021/02/17 12:0 a.m.•56 views

CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the...

8.1CVSS7AI score0.64161EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2021/02/15 12:0 a.m.•56 views

CVE-2020-13558

A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free...

8.8CVSS7.6AI score0.01792EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2021/02/05 12:0 a.m.•56 views

CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

5.5CVSS6.8AI score0.00496EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2021/01/05 5:15 a.m.•56 views

CVE-2020-36158

mwifiexcmd80211adhocstart in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332...

8.8CVSS7.2AI score0.02209EPSS
Exploits0References11
ubuntucve
ubuntucve
•added 2020/09/24 11:15 p.m.•56 views

CVE-2020-13991

vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register...

7.5CVSS7.1AI score0.02425EPSS
Exploits1References6
ubuntucve
ubuntucve
•added 2020/09/09 7:15 p.m.•56 views

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...

10CVSS7.2AI score0.17374EPSS
Exploits3References4
ubuntucve
ubuntucve
•added 2020/05/28 3:15 p.m.•56 views

CVE-2020-13649

parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scannerreverseinfolist NULL pointer dereference and a scannerscanall assertion failure...

7.5CVSS7.1AI score0.02125EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2020/05/04 3:15 p.m.•56 views

CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS7.5AI score0.84456EPSS
Exploits1References7
ubuntucve
ubuntucve
•added 2020/03/24 10:15 p.m.•56 views

CVE-2020-10942

In the Linux kernel before 5.5.8, getrawsocket in drivers/vhost/net.c lacks validation of an skfamily field, which might allow attackers to trigger kernel stack corruption via crafted system calls...

5.4CVSS6.7AI score0.00962EPSS
Exploits1References8
ubuntucve
ubuntucve
•added 2019/11/12 8:15 p.m.•56 views

CVE-2010-3439

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command...

6.5CVSS6.6AI score0.01794EPSS
Exploits1References1
Total number of security vulnerabilities5000