Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/05/08 11:15 a.m.•55 views

CVE-2022-1620

NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vimregexecstring at regexp.c:2729 allows attackers to cause a denial of service application crash via a crafted input...

7.5CVSS6.9AI score0.01518EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/04/18 5:15 p.m.•55 views

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

5.3CVSS7AI score0.02805EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/04/14 9:15 p.m.•55 views

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3CVSS6.8AI score0.05666EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2022/04/04 8:15 p.m.•55 views

CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

9.8CVSS7.3AI score0.76177EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2022/03/28 7:15 p.m.•55 views

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

10CVSS7.2AI score0.13227EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/21 8:36 a.m.•55 views

CVE-2022-23125

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate...

9.8CVSS7.8AI score0.04354EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/03/18 6:15 p.m.•55 views

CVE-2022-22594

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information...

6.5CVSS6.8AI score0.00815EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/10 5:44 p.m.•55 views

CVE-2022-0433

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the mapgetnextkey function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1...

5.5CVSS6.7AI score0.00287EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/08 8:15 p.m.•55 views

CVE-2022-24716

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...

7.5CVSS7.1AI score0.89378EPSS
Exploits8References3
UbuntuCve
UbuntuCve
•added 2022/03/06 4:15 a.m.•55 views

CVE-2022-26490

st21nfcaconnectivityeventreceived in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVTTRANSACTION buffer overflows because of untrusted length parameters...

7.8CVSS7AI score0.00432EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2022/02/18 6:15 p.m.•55 views

CVE-2021-3930

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in modesensepage if the 'page' argument was set to MODEPAGEALLS 0x3f. A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...

6.5CVSS6.8AI score0.00338EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•55 views

CVE-2021-33155

Improper input validation in firmware for some IntelR Wireless BluetoothR and KillerTM BluetoothR products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access...

5.7CVSS6.1AI score0.00467EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/12/17 7:15 p.m.•55 views

CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

5.3CVSS6.9AI score0.01561EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2021/11/08 12:0 a.m.•55 views

CVE-2021-41771

ImportedSymbols in debug/macho for Open or OpenFat in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation...

7.5CVSS6.8AI score0.04372EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/10/18 9:15 a.m.•55 views

CVE-2021-38562

Best Practical Request Tracker RT 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm...

7.5CVSS7.1AI score0.01707EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2021/08/26 12:0 a.m.•55 views

CVE-2021-3634

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...

6.5CVSS6.5AI score0.04683EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/06/22 12:0 a.m.•55 views

CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code...

7.8CVSS6.7AI score0.00282EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/06/18 12:0 a.m.•55 views

CVE-2021-3608

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMAREGDSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The...

6CVSS6.7AI score0.00363EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/06/10 11:15 p.m.•55 views

CVE-2021-26195

An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexerparsenumber in js-lexer.c file...

8.8CVSS7.2AI score0.01124EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2021/05/25 10:15 p.m.•55 views

CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

9.8CVSS6.8AI score0.02898EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2021/05/21 3:15 p.m.•55 views

CVE-2021-31440

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

8.8CVSS7.3AI score0.01754EPSS
Exploits1References8
UbuntuCve
UbuntuCve
•added 2021/05/11 6:0 p.m.•55 views

CVE-2020-26147

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames...

5.4CVSS6.9AI score0.07604EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2021/03/29 2:15 p.m.•55 views

CVE-2021-23358

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...

7.2CVSS6.8AI score0.04087EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2021/03/17 1:15 p.m.•55 views

CVE-2021-27292

ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time...

7.5CVSS7.1AI score0.03366EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/02/05 2:15 p.m.•55 views

CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AFVSOCK implementation are caused by wrong locking in net/vmwvsock/afvsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support...

7CVSS6.8AI score0.01602EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2021/01/19 12:0 a.m.•55 views

CVE-2020-25681

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overfl...

8.3CVSS6.8AI score0.81191EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/01/04 6:15 p.m.•55 views

CVE-2019-25013

The iconv feature in the GNU C Library aka glibc or libc6 through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read...

7.1CVSS7AI score0.03522EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/10/06 2:15 p.m.•55 views

CVE-2020-25643

A flaw was found in the HDLCPPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the pppcpparsecr function which can cause the system to crash or cause a denial of service. The highest threat from this...

7.5CVSS6.7AI score0.03292EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2020/09/25 12:0 a.m.•55 views

CVE-2020-14351

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integri...

7.8CVSS6.7AI score0.00302EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2020/09/10 2:15 a.m.•55 views

CVE-2020-25220

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd-norefcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature...

7.8CVSS6.8AI score0.00449EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2020/08/24 12:0 p.m.•55 views

CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash...

5CVSS7.2AI score0.05447EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2020/07/15 10:15 p.m.•55 views

CVE-2020-15780

An issue was discovered in drivers/acpi/acpiconfigfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30...

7.2CVSS6.8AI score0.01314EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2020/02/10 9:56 p.m.•55 views

CVE-2020-8840

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...

9.8CVSS7.1AI score0.26587EPSS
Exploits5References4
UbuntuCve
UbuntuCve
•added 2020/01/21 11:15 p.m.•55 views

CVE-2019-20388

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...

7.5CVSS6.8AI score0.04268EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/12/23 3:15 a.m.•55 views

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

5.9CVSS6.8AI score0.08818EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2019/12/04 5:16 p.m.•55 views

CVE-2019-11930

An invalid free in mbdetectorder can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, an...

9.8CVSS7.4AI score0.03248EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2019/11/12 8:15 p.m.•55 views

CVE-2010-3438

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server...

9.8CVSS7.5AI score0.01652EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/10/16 6:15 p.m.•55 views

CVE-2019-2974

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS6.8AI score0.03726EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2019/10/01 2:15 p.m.•55 views

CVE-2019-17055

basesockcreate in drivers/isdn/mISDN/socket.c in the AFISDN network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21...

3.3CVSS6.7AI score0.00542EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2019/09/23 3:15 p.m.•55 views

CVE-2019-12404

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim...

6.1CVSS6.4AI score0.02913EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/08/13 12:0 a.m.•55 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...

8.1CVSS7AI score0.02691EPSS
Exploits2References7
UbuntuCve
UbuntuCve
•added 2019/01/10 12:0 a.m.•55 views

CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

5.3CVSS7AI score0.03681EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2018/05/11 8:29 p.m.•55 views

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

8.8CVSS6.8AI score0.02396EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/04/18 7:29 p.m.•55 views

CVE-2018-1000161

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against...

5.7CVSS6.1AI score0.01045EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2018/02/19 12:0 a.m.•55 views

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...

6.8CVSS7.1AI score0.04255EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2017/10/19 12:0 a.m.•55 views

CVE-2017-10295

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker...

4.3CVSS6.7AI score0.02199EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/10/16 12:0 a.m.•55 views

CVE-2017-13077

Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Pairwise Transient Key PTK Temporal Key TK during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...

6.8CVSS7AI score0.02388EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/09/25 9:29 p.m.•55 views

CVE-2015-5327

Out-of-bounds memory read in the x509decodetime function in x509certparser.c in Linux kernels 4.3-rc1 and after...

6.5CVSS6.8AI score0.01631EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/08/18 5:29 p.m.•55 views

CVE-2015-7945

The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

7.5CVSS7.1AI score0.09356EPSS
Exploits4References6
UbuntuCve
UbuntuCve
•added 2017/07/25 12:0 a.m.•55 views

CVE-2017-7541

The brcmfcfg80211mgmttx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service buffer overflow and system crash or possibly gain privileges via a crafted NL80211CMDFRAME Netlink packet...

7.8CVSS6.8AI score0.00547EPSS
Exploits0References14
Total number of security vulnerabilities5000