Lucene search
K
UbuntucveMost viewed

68528 matches found

UbuntuCve
UbuntuCve
•added 2017/06/13 4:29 p.m.•54 views

CVE-2015-3220

The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service runtime exception and process crash...

7.5CVSS7.1AI score0.03204EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/06/08 8:29 p.m.•54 views

CVE-2016-4473

/ext/phar/pharobject.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...

9.8CVSS7.3AI score0.07753EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/05/18 12:0 a.m.•54 views

CVE-2017-9048

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more...

7.5CVSS7AI score0.04888EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2017/01/04 12:0 a.m.•54 views

CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

7CVSS7.1AI score0.0424EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2016/05/30 12:0 a.m.•54 views

CVE-2016-5114

sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and buffer overflow via a long...

9.1CVSS7.3AI score0.04489EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2015/12/16 12:0 a.m.•54 views

CVE-2015-5299

The shadowcopy2getshadowcopydata function in modules/vfsshadowcopy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORYLIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy...

5.3CVSS6.7AI score0.13584EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/03/12 12:0 a.m.•54 views

CVE-2015-2150

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding for a PCI Express device and...

4.9CVSS6.8AI score0.00534EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2014/11/30 11:59 a.m.•54 views

CVE-2014-8958

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...

4.3CVSS7.2AI score0.02441EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2014/05/11 12:0 a.m.•54 views

CVE-2014-3122

The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings...

4.9CVSS6.5AI score0.00545EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2014/04/07 12:0 a.m.•54 views

CVE-2014-0160

The 1 TLS and 2 DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

7.5CVSS7.2AI score0.99999EPSS
Exploits88References5
UbuntuCve
UbuntuCve
•added 2013/10/17 12:55 a.m.•54 views

CVE-2013-4389

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

4.3CVSS7.2AI score0.03135EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•54 views

CVE-2013-2465

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS7.1AI score0.98704EPSS
Exploits10References7
UbuntuCve
UbuntuCve
•added 2013/04/17 12:0 a.m.•54 views

CVE-2013-2419

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous...

5CVSS6.8AI score0.2258EPSS
Exploits5References7
UbuntuCve
UbuntuCve
•added 2013/04/09 12:0 a.m.•54 views

CVE-2013-1929

Heap-based buffer overflow in the tg3readvpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service system crash or possibly execute arbitrary code via crafted firmware that specifies a long string in the...

4.4CVSS7.3AI score0.00717EPSS
Exploits1References8
UbuntuCve
UbuntuCve
•added 2011/02/28 12:0 a.m.•54 views

CVE-2011-1020

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lsee...

4.6CVSS7.1AI score0.00923EPSS
Exploits3References13
UbuntuCve
UbuntuCve
•added 2010/09/07 12:0 a.m.•54 views

CVE-2010-2769

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in...

4.3CVSS7.2AI score0.0207EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2009/01/28 11:30 a.m.•54 views

CVE-2008-5986

Untrusted search path vulnerability in the 1 "VST plugin with Python scripting" and 2 "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory,...

6.9CVSS5.9AI score0.00365EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2009/01/13 5:0 p.m.•54 views

CVE-2009-0024

The sysremapfilepages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vmfile structure member, and the mmapregion and domunmap functions...

7.2CVSS5.9AI score0.00351EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2008/10/15 12:0 a.m.•54 views

CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...

4.3CVSS5.9AI score0.10187EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2008/04/09 9:5 p.m.•54 views

CVE-2007-6019

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly...

9.3CVSS6.2AI score0.5977EPSS
Exploits3References1
UbuntuCve
UbuntuCve
•added 2006/07/18 3:47 p.m.•54 views

CVE-2006-3674

nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service CPU consumption via a large number handled by the idreqhandler function...

7.8CVSS5.9AI score0.02226EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2025/01/09 1:15 a.m.•53 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

5.3CVSS6.4AI score0.00923EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2024/05/14 3:21 p.m.•53 views

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

7.5CVSS6.9AI score0.00753EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2024/04/16 12:15 a.m.•53 views

CVE-2024-1135

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.5CVSS7.1AI score0.02996EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2024/04/09 5:15 p.m.•53 views

CVE-2024-26256

Libarchive Remote Code Execution Vulnerability...

7.8CVSS6.8AI score0.87896EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2024/03/15 9:15 p.m.•53 views

CVE-2021-47110

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machineshutdown hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore...

7.1CVSS6.4AI score0.00245EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2024/03/07 1:15 a.m.•53 views

CVE-2024-0199

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions...

8CVSS7.1AI score0.00706EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2024/03/06 7:15 a.m.•53 views

CVE-2023-52606

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr...

5.5CVSS6.4AI score0.00234EPSS
Exploits0References26
UbuntuCve
UbuntuCve
•added 2024/02/07 9:15 p.m.•53 views

CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service...

7.5CVSS6.6AI score0.01448EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2024/01/10 10:15 p.m.•53 views

CVE-2022-32919

The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing...

4.7CVSS6.7AI score0.00523EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/01/05 5:15 p.m.•53 views

CVE-2023-34325

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the...

7.8CVSS7.2AI score0.00289EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/01/03 5:15 p.m.•53 views

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

4.8CVSS6.7AI score0.00449EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2023/12/24 6:15 a.m.•53 views

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS6.1AI score0.01073EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2023/11/28 9:15 a.m.•53 views

CVE-2023-34053

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

7.5CVSS6.8AI score0.0115EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/11/09 8:15 p.m.•53 views

CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

9.8CVSS7.3AI score0.0137EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2023/11/07 4:15 p.m.•53 views

CVE-2023-47359

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket and results in a memory corruption...

9.8CVSS7.2AI score0.01096EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/11/03 8:15 p.m.•53 views

CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

8.2CVSS6.8AI score0.02464EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2023/10/24 12:0 a.m.•53 views

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.6AI score0.03332EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/09/25 4:15 p.m.•53 views

CVE-2023-5156

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash...

7.5CVSS6.7AI score0.01338EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2023/08/23 7:15 a.m.•53 views

CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

7.5CVSS7.1AI score0.02155EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/08/22 7:16 p.m.•53 views

CVE-2022-44729

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

7.1CVSS6.8AI score0.00786EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2023/08/03 12:0 a.m.•53 views

CVE-2023-3777

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. When nftablesdelrule is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain...

7.8CVSS6.7AI score0.00413EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2023/07/27 12:15 a.m.•53 views

CVE-2023-37450

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...

8.8CVSS7.4AI score0.1895EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/07/06 12:0 a.m.•53 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.2AI score0.00414EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/06/22 9:15 p.m.•53 views

CVE-2023-35132

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...

6.3CVSS6.3AI score0.00802EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/06/09 11:15 a.m.•53 views

CVE-2023-32731

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...

7.5CVSS6.8AI score0.00502EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/06/05 10:15 p.m.•53 views

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.32724EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2023/05/09 10:15 p.m.•53 views

CVE-2023-2156

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of...

7.5CVSS6.8AI score0.06127EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2023/03/26 7:15 p.m.•53 views

CVE-2023-28859

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...

6.5CVSS6.6AI score0.01034EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/03/20 9:15 a.m.•53 views

CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

7.8CVSS6.4AI score0.00295EPSS
Exploits0References2
Total number of security vulnerabilities5000