Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
added 2017/07/11 12:0 a.m.55 views

CVE-2017-11176

The mqnotify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service use-after-free or possibly have unspecified other impact...

7.8CVSS6.8AI score0.03631EPSS
Exploits8References11
UbuntuCve
UbuntuCve
added 2017/06/13 4:29 p.m.55 views

CVE-2015-3220

The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service runtime exception and process crash...

7.5CVSS7.1AI score0.03204EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/05/14 12:0 a.m.55 views

CVE-2017-7487

The ipxitfioctl function in net/ipx/afipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface...

7.8CVSS6.8AI score0.00395EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2017/01/15 2:59 a.m.55 views

CVE-2017-5492

Cross-site request forgery CSRF vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php...

8.8CVSS7.2AI score0.01862EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2017/01/04 12:0 a.m.55 views

CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

7CVSS7.1AI score0.0424EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2016/12/30 12:0 a.m.55 views

CVE-2016-10088

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a...

7CVSS6.8AI score0.00372EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2016/07/18 12:0 a.m.55 views

CVE-2016-6210

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provid...

5.9CVSS6.9AI score0.88944EPSS
Exploits12References3
UbuntuCve
UbuntuCve
added 2016/06/24 12:0 a.m.55 views

CVE-2016-4997

The compat IPTSOSETREPLACE and IP6TSOSETREPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service memory corruption by leveraging in-container root access to provide a crafted offset value that...

7.8CVSS6.8AI score0.05676EPSS
Exploits10References14
UbuntuCve
UbuntuCve
added 2016/05/30 12:0 a.m.55 views

CVE-2016-5114

sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and buffer overflow via a long...

9.1CVSS7.3AI score0.04489EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2015/07/31 12:0 a.m.55 views

CVE-2015-5621

The snmppduparse function in snmpapi.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmpvariablelist item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted packet...

7.5CVSS7.3AI score0.40002EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2015/07/08 3:59 p.m.55 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS7.1AI score0.01256EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2014/11/10 12:0 a.m.55 views

CVE-2014-3687

The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service panic via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter...

7.8CVSS6.8AI score0.08579EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2014/11/10 12:0 a.m.55 views

CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service system disruption by...

5.5CVSS6.8AI score0.00515EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2014/11/10 12:0 a.m.55 views

CVE-2014-3645

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service guest OS crash via a crafted application. A local unprivileged guest user could use this flaw to crash the gue...

2.1CVSS7.1AI score0.00409EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/10/15 12:0 a.m.55 views

CVE-2014-3567

Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...

7.1CVSS6.8AI score0.23598EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/10/14 12:0 a.m.55 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

4.3CVSS6.7AI score0.99999EPSS
Exploits7References9
UbuntuCve
UbuntuCve
added 2014/08/31 12:0 a.m.55 views

CVE-2014-5471

Stack consumption vulnerability in the parserockridgeinodeinternal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service uncontrolled recursion, and system crash or reboot via a crafted iso9660 image with a CL entry referring to a directory...

4CVSS6.8AI score0.00505EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2014/06/05 12:0 p.m.55 views

CVE-2014-0195

The dtls1reassemblefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow a...

6.8CVSS7.3AI score0.99977EPSS
Exploits4References3
UbuntuCve
UbuntuCve
added 2013/10/17 12:55 a.m.55 views

CVE-2013-4389

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

4.3CVSS7.2AI score0.03135EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2013/06/18 12:0 a.m.55 views

CVE-2013-2465

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS7.1AI score0.98704EPSS
Exploits10References7
UbuntuCve
UbuntuCve
added 2013/04/09 12:0 a.m.55 views

CVE-2013-1929

Heap-based buffer overflow in the tg3readvpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service system crash or possibly execute arbitrary code via crafted firmware that specifies a long string in the...

4.4CVSS7.3AI score0.00717EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2012/08/07 9:55 p.m.55 views

CVE-2012-0213

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...

5CVSS6.4AI score0.07503EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2010/11/09 9:0 p.m.55 views

CVE-2010-4221

Multiple stack-based buffer overflows in the prnetiotelnetgets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a 1 FTP or 2 FTPS server...

10CVSS7.6AI score0.91303EPSS
Exploits10References1
UbuntuCve
UbuntuCve
added 2010/01/07 6:30 p.m.55 views

CVE-2009-4589

Cross-site scripting XSS vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter...

4.3CVSS6AI score0.01356EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2009/08/06 12:0 a.m.55 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

5CVSS6.8AI score0.3038EPSS
Exploits2References6
UbuntuCve
UbuntuCve
added 2009/01/13 5:0 p.m.55 views

CVE-2009-0024

The sysremapfilepages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vmfile structure member, and the mmapregion and domunmap functions...

7.2CVSS5.9AI score0.00351EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2008/09/24 12:0 a.m.55 views

CVE-2008-4068

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this...

7.8CVSS5.9AI score0.04166EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2008/05/16 12:54 p.m.55 views

CVE-2008-2136

Memory leak in the ipip6rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service memory consumption via network traffic to a Simple Internet Transition SIT tunnel interface, related to the pskbmaypull and...

7.8CVSS7.1AI score0.04934EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2008/04/09 9:5 p.m.55 views

CVE-2007-6019

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly...

9.3CVSS6.2AI score0.5977EPSS
Exploits3References1
UbuntuCve
UbuntuCve
added 2006/07/21 2:3 p.m.55 views

CVE-2006-3469

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service crash via a format string instead of a date as the first parameter to the dateformat function, which is later used in a formatted pri...

4CVSS6AI score0.26815EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2005/07/05 4:0 a.m.55 views

CVE-2005-1921

Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier aka XML-RPC or xmlrpc and PHPXMLRPC aka XML-RPC For PHP or php-xmlrpc 1.1 and earlier, as used in products such as 1 WordPress, 2 Serendipity, 3 Drupal, 4 egroupware, 5 MailWatch, 6 TikiWiki, 7 phpWebSite, 8 Ampache, and others, allows...

7.5CVSS6.2AI score0.79071EPSS
Exploits5References2
UbuntuCve
UbuntuCve
added 2024/05/14 3:21 p.m.54 views

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

7.5CVSS6.9AI score0.00753EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/05/01 6:15 a.m.54 views

CVE-2024-27018

In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaroun...

7.8CVSS6.4AI score0.00234EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2024/04/28 1:15 p.m.54 views

CVE-2022-48654

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nftosf which can be used to leak stale kernel stack data to userspa...

5.5CVSS6.1AI score0.00238EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2024/02/22 12:0 a.m.54 views

CVE-2023-52451

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlparmemoryremovebyindex may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails,...

7.8CVSS6.3AI score0.00246EPSS
Exploits0References25
UbuntuCve
UbuntuCve
added 2024/02/22 12:0 a.m.54 views

CVE-2024-26586

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a...

6.7CVSS6.3AI score0.00247EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2024/01/12 12:0 a.m.54 views

CVE-2023-6040

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable function enables ...

7.8CVSS6.7AI score0.00312EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2023/12/18 3:15 p.m.54 views

CVE-2023-6817

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The function nftpipapowalk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO Pile Packet Policies elements, leadi...

7.8CVSS6.7AI score0.00334EPSS
Exploits0References14
UbuntuCve
UbuntuCve
added 2023/12/12 5:15 p.m.54 views

CVE-2023-4421

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...

6.5CVSS6.8AI score0.00628EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/12/05 5:15 p.m.54 views

CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

7.5CVSS6.7AI score0.0125EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/11/09 8:15 p.m.54 views

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

9.8CVSS7.3AI score0.0137EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/11/06 11:15 a.m.54 views

CVE-2023-5090

A flaw was found in KVM. An improper check in svmsetx2apicmsrinterception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition...

6CVSS6.6AI score0.00234EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2023/11/01 8:15 p.m.54 views

CVE-2023-3397

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information...

7CVSS6.7AI score0.0021EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/10/24 12:0 a.m.54 views

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.6AI score0.03332EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/10/11 12:15 p.m.54 views

CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS6.9AI score0.01713EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2023/07/05 3:15 a.m.54 views

CVE-2023-33201

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject...

5.3CVSS6.8AI score0.00772EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/06/22 9:15 p.m.54 views

CVE-2023-35132

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...

6.3CVSS6.3AI score0.00802EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/06/05 10:15 p.m.54 views

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.32724EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2023/04/12 12:0 a.m.54 views

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

6.5CVSS6.8AI score0.01013EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/03/20 9:15 a.m.54 views

CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

7.8CVSS6.4AI score0.00295EPSS
Exploits0References2
Total number of security vulnerabilities5000