Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2024/02/05 3:15 p.m.•55 views

CVE-2023-52138

Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...

9.6CVSS7.2AI score0.01652EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2024/01/30 3:15 p.m.•55 views

CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

6.5CVSS6.8AI score0.00623EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2024/01/09 6:15 p.m.•55 views

CVE-2024-0340

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

5.5CVSS6.7AI score0.00236EPSS
Exploits0References16
UbuntuCve
UbuntuCve
•added 2023/12/27 9:15 p.m.•55 views

CVE-2023-51074

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...

5.3CVSS6.8AI score0.0067EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/12/19 8:15 p.m.•55 views

CVE-2023-43826

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be...

8.8CVSS7AI score0.0089EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2023/12/06 7:0 a.m.•55 views

CVE-2023-46219

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

5.3CVSS6.8AI score0.01133EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/11/09 9:15 a.m.•55 views

CVE-2023-4218

In Eclipse IDE versions 2023-09 4.29 some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...

5CVSS6.6AI score0.00386EPSS
Exploits1References12
UbuntuCve
UbuntuCve
•added 2023/09/25 4:15 p.m.•55 views

CVE-2023-5156

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash...

7.5CVSS6.7AI score0.01338EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2023/08/03 12:0 a.m.•55 views

CVE-2023-4015

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nftimmediatedeactivate can lead unbinding the chain and objects be deactivate...

7.8CVSS6.7AI score0.00285EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2023/06/29 12:0 a.m.•55 views

CVE-2023-3428

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service...

6.2CVSS6.8AI score0.00314EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/06/09 11:15 a.m.•55 views

CVE-2023-32731

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

7.5CVSS6.8AI score0.00502EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/05/18 8:15 p.m.•55 views

CVE-2023-31655

redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service DoS via unspecified vectors...

7.5CVSS6.3AI score0.01028EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/05/18 12:0 a.m.•55 views

CVE-2023-33204

sysstat through 12.7.2 allows a multiplication integer overflow in checkoverflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377...

7.8CVSS7.1AI score0.00327EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/05/10 3:15 p.m.•55 views

CVE-2023-31907

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scannerliteraliscreated at /jerry-core/parser/js/js-scanner-util.c...

7.8CVSS7.1AI score0.00328EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/03/29 12:0 a.m.•55 views

CVE-2023-0614

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

7.7CVSS6.7AI score0.00567EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/03/29 12:0 a.m.•55 views

CVE-2023-24593

Rejected reason: Rejected by upstream...

7.2AI score
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/03/03 11:15 p.m.•55 views

CVE-2023-1170

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376...

7.3CVSS6.8AI score0.00483EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2023/02/28 6:15 p.m.•55 views

CVE-2022-41724

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...

7.5CVSS6.8AI score0.01111EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2023/02/15 12:0 a.m.•55 views

CVE-2023-25588

A flaw was found in Binutils. The field thebfd of asymbolstruct is uninitialized in the bfdmachogetsyntheticsymtab function, which may lead to an application crash and local denial of service...

5.5CVSS6.2AI score0.00375EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/02/14 12:0 a.m.•55 views

CVE-2023-21808

.NET and Visual Studio Remote Code Execution Vulnerability...

7.8CVSS7.2AI score0.01148EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/01/11 12:0 a.m.•55 views

CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

5.9CVSS6.1AI score0.00649EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/12/30 11:15 p.m.•55 views

CVE-2022-34676

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering...

7.8CVSS7AI score0.0026EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/12/22 8:15 p.m.•55 views

CVE-2022-29910

When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 100...

6.1CVSS6.8AI score0.00354EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/12/18 5:15 a.m.•55 views

CVE-2022-47516

An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service daemon crash via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion...

7.5CVSS7.1AI score0.01647EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/11/08 10:15 p.m.•55 views

CVE-2022-3821

An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in formattimespan, leading to a Denial of Service...

5.5CVSS7AI score0.00412EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/11/01 8:15 p.m.•55 views

CVE-2022-3315

Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

8.8CVSS7.2AI score0.00616EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/11/01 12:0 a.m.•55 views

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS7.5AI score0.92488EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2022/10/14 12:15 a.m.•55 views

CVE-2022-42720

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to trigger use-after-free conditions to potentially execute code...

7.8CVSS6.8AI score0.00798EPSS
Exploits1References11
UbuntuCve
UbuntuCve
•added 2022/10/11 8:15 p.m.•55 views

CVE-2022-20409

In ioidentitycow of iouring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

6.7CVSS6.5AI score0.00563EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/09/28 11:15 p.m.•55 views

CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

5.5CVSS6.8AI score0.00591EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/09/21 8:15 a.m.•55 views

CVE-2022-41222

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move...

7CVSS6.8AI score0.0045EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2022/09/20 7:15 a.m.•55 views

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

9.8CVSS7.1AI score0.00952EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/08/24 8:15 p.m.•55 views

CVE-2022-32893

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have...

8.8CVSS7.4AI score0.09785EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/08/01 1:15 p.m.•55 views

CVE-2022-26308

Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration Credential store where a user with the role of Operator Write could create, delete, view existing keys which are outside the intended role...

5.4CVSS6.1AI score0.00344EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/07/15 8:15 p.m.•55 views

CVE-2022-25869

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting XSS due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements...

6.1CVSS6.8AI score0.06817EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/06/23 11:15 a.m.•55 views

CVE-2022-34305

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability...

6.1CVSS6.9AI score0.06156EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/05/12 5:15 p.m.•55 views

CVE-2022-21151

Processor optimization removal or modification of security-critical code for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

5.5CVSS6.5AI score0.00347EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/05/08 11:15 a.m.•55 views

CVE-2022-1620

NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 allows attackers to cause a denial of service application crash via a crafted input...

7.5CVSS6.9AI score0.01518EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/05/05 5:15 p.m.•55 views

CVE-2022-29500

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure...

9CVSS7.2AI score0.02102EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2022/04/18 5:15 p.m.•55 views

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

5.3CVSS7AI score0.02805EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/04/14 9:15 p.m.•55 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS6.8AI score0.05666EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2022/04/04 8:15 p.m.•55 views

CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

9.8CVSS7.3AI score0.76177EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2022/03/28 7:15 p.m.•55 views

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

10CVSS7.2AI score0.13227EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/21 8:36 a.m.•55 views

CVE-2022-23125

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate...

9.8CVSS7.8AI score0.04354EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/03/18 6:15 p.m.•55 views

CVE-2022-22594

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information...

6.5CVSS6.8AI score0.00815EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/10 5:44 p.m.•55 views

CVE-2022-0433

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1...

5.5CVSS6.7AI score0.00287EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/10 12:0 a.m.•55 views

CVE-2022-23040

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7CVSS6.5AI score0.00359EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/03/08 8:15 p.m.•55 views

CVE-2022-24716

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...

7.5CVSS7.1AI score0.89378EPSS
Exploits8References3
UbuntuCve
UbuntuCve
•added 2022/03/06 4:15 a.m.•55 views

CVE-2022-26490

st21nfcaconnectivityeventreceived in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVTTRANSACTION buffer overflows because of untrusted length parameters...

7.8CVSS7AI score0.00432EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2022/02/18 6:15 p.m.•55 views

CVE-2021-3930

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in modesensepage if the 'page' argument was set to MODEPAGEALLS 0x3f. A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...

6.5CVSS6.8AI score0.00338EPSS
Exploits0References3
Total number of security vulnerabilities5000