Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2023/03/20 9:15 a.m.•54 views

CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

7.8CVSS6.4AI score0.00295EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/03/15 12:0 a.m.•54 views

CVE-2023-28161

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, suc...

8.8CVSS7.2AI score0.00619EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/02/17 12:0 a.m.•54 views

CVE-2023-20052

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on a...

5.3CVSS7AI score0.07003EPSS
Exploits5References3
UbuntuCve
UbuntuCve
•added 2023/01/31 4:15 p.m.•54 views

CVE-2022-25147

Integer Overflow or Wraparound vulnerability in aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility APR-util 1.6.1 and prior versions...

6.5CVSS6.8AI score0.01417EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/01/05 4:15 p.m.•54 views

CVE-2022-4378

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS6.7AI score0.00431EPSS
Exploits0References16
UbuntuCve
UbuntuCve
•added 2022/12/16 12:0 a.m.•54 views

CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

9.8CVSS6.9AI score0.00454EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/11/27 4:15 a.m.•54 views

CVE-2022-45934

An issue was discovered in the Linux kernel through 6.0.10. l2capconfigreq in net/bluetooth/l2capcore.c has an integer wraparound via L2CAPCONFREQ packets...

7.8CVSS6.8AI score0.00747EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2022/11/23 3:15 p.m.•54 views

CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website...

5.4CVSS6.3AI score0.00655EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/11/22 12:0 a.m.•54 views

CVE-2022-36227

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the...

9.8CVSS6.8AI score0.01936EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/10/26 7:15 p.m.•54 views

CVE-2022-3666

A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploi...

7.8CVSS6.5AI score0.00628EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/10/18 9:15 p.m.•54 views

CVE-2022-21626

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...

5.3CVSS6.7AI score0.01746EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/10/14 12:15 a.m.•54 views

CVE-2022-41674

An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211bssinfoupdate function in net/mac80211/scan.c...

8.1CVSS7AI score0.03763EPSS
Exploits1References13
UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•54 views

CVE-2022-2856

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page...

6.5CVSS7.1AI score0.04493EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/09/23 6:15 p.m.•54 views

CVE-2022-36944

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...

9.8CVSS7AI score0.08343EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/09/01 9:15 p.m.•54 views

CVE-2021-3826

Heap/stack buffer overflow in the dlanglname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service segmentation fault and crash via a crafted mangled symbol...

6.5CVSS7.1AI score0.01089EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/09/01 9:15 p.m.•54 views

CVE-2022-2308

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize t...

6.5CVSS6.7AI score0.00225EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/08/23 4:15 p.m.•54 views

CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share...

6.8CVSS6.7AI score0.00761EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/08/15 12:0 a.m.•54 views

CVE-2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

8CVSS6.9AI score0.0152EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/08/02 11:15 p.m.•54 views

CVE-2022-37035

An issue was discovered in bgpd in FRRouting FRR 8.3. In bgpnotifysendwithdata and bgpprocesspacket in bgppacket.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is no...

8.1CVSS7.2AI score0.01932EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/07/25 4:15 p.m.•54 views

CVE-2022-35649

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in...

9.8CVSS6.9AI score0.06441EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/07/23 12:15 a.m.•54 views

CVE-2022-1132

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device...

6.1CVSS6.7AI score0.00282EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/19 10:15 p.m.•54 views

CVE-2022-21541

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to...

5.9CVSS6.5AI score0.02575EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/07/14 8:15 p.m.•54 views

CVE-2022-31147

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...

7.5CVSS7.2AI score0.02026EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/14 3:15 p.m.•54 views

CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

6.5CVSS6.8AI score0.41954EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2022/07/12 12:0 a.m.•54 views

CVE-2022-29900

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

6.5CVSS7.3AI score0.03764EPSS
Exploits0References17
UbuntuCve
UbuntuCve
•added 2022/06/23 5:15 p.m.•54 views

CVE-2022-33124

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service DoS. NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the...

5.5CVSS6.1AI score0.00685EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/06/06 12:0 a.m.•54 views

CVE-2022-1974

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAPNETADMIN privilege to leak kernel information...

4.1CVSS6.7AI score0.00142EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2022/05/26 4:15 p.m.•54 views

CVE-2022-30785

A file handle created in fuselibopendir, and later used in fuselibreaddir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite...

7.2CVSS6.9AI score0.00392EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/05/17 12:0 a.m.•54 views

CVE-2022-28181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges,...

9.9CVSS7.2AI score0.01055EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/05/11 3:15 p.m.•54 views

CVE-2022-1426

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed ...

4.3CVSS6.2AI score0.00866EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/05/02 7:15 p.m.•54 views

CVE-2021-3750

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

8.2CVSS7AI score0.0053EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/22 4:15 p.m.•54 views

CVE-2022-29582

In the Linux kernel before 5.17.3, fs/iouring.c has a use-after-free due to a race condition in iouring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently...

7CVSS6.7AI score0.00773EPSS
Exploits3References8
UbuntuCve
UbuntuCve
•added 2022/04/11 8:0 a.m.•54 views

CVE-2022-28346

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

9.8CVSS6.8AI score0.18516EPSS
Exploits3References4
UbuntuCve
UbuntuCve
•added 2022/04/06 12:0 a.m.•54 views

CVE-2022-1097

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

6.5CVSS6.9AI score0.00917EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/04/05 12:15 a.m.•54 views

CVE-2022-0606

Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.00833EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/04/04 3:15 p.m.•54 views

CVE-2021-43455

An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path...

7.8CVSS7.1AI score0.00449EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/03/25 9:15 a.m.•54 views

CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...

7.5CVSS6.8AI score0.52063EPSS
Exploits1References10
UbuntuCve
UbuntuCve
•added 2022/03/25 12:0 a.m.•54 views

CVE-2022-0983

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default...

8.8CVSS7.3AI score0.00898EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/03/18 6:15 p.m.•54 views

CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation...

7.8CVSS6.7AI score0.01169EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2022/03/10 5:42 p.m.•54 views

CVE-2021-32434

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculatebeam at draw.c...

5.5CVSS6.5AI score0.00966EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/03/08 6:0 p.m.•54 views

CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

6.5CVSS6.8AI score0.00508EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2022/03/06 12:0 a.m.•54 views

CVE-2022-26485

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus 97.3.0...

8.8CVSS7.1AI score0.14261EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/02/28 5:15 p.m.•54 views

CVE-2021-44331

ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encodeise...

7.8CVSS7.1AI score0.00883EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/02/25 3:15 p.m.•54 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3CVSS6.8AI score0.02212EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/16 9:15 p.m.•54 views

CVE-2021-43301

Stack overflow in PJSUA API when calling pjsuaplaylistcreate. An attacker-controlled 'filenames' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation...

9.8CVSS7.5AI score0.02376EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/02/15 4:15 p.m.•54 views

CVE-2021-44960

In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null pointer in advance at the second if, resulting in a null pointer reference behind the renderDocument function...

6.5CVSS6.9AI score0.01179EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/02/11 6:15 p.m.•54 views

CVE-2022-0561

Null source pointer passed as an argument to memcpy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712...

5.5CVSS6.7AI score0.0125EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/02/11 1:15 a.m.•54 views

CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

7.5CVSS7.1AI score0.02698EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•54 views

CVE-2021-0066

Improper input validation in firmware for IntelR PROSet/Wireless Wi-Fi in multiple operating systems and KillerTM Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access...

8.4CVSS6.7AI score0.00321EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•54 views

CVE-2021-0174

Improper Use of Validation Framework in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access...

6.5CVSS6.3AI score0.00515EPSS
Exploits0References2
Total number of security vulnerabilities5000