Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
added 2005/05/24 4:0 a.m.54 views

CVE-2005-1705

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb...

7.2CVSS7.4AI score0.00437EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/01/09 1:15 a.m.53 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

5.3CVSS6.4AI score0.00923EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/07/15 1:15 a.m.53 views

CVE-2024-6345

A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...

8.8CVSS7.7AI score0.01939EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/04/09 5:15 p.m.53 views

CVE-2024-26256

Libarchive Remote Code Execution Vulnerability...

7.8CVSS6.8AI score0.87896EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/04/02 12:0 a.m.53 views

CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

5.5CVSS6.4AI score0.0023EPSS
Exploits0References23
UbuntuCve
UbuntuCve
added 2024/03/15 9:15 p.m.53 views

CVE-2021-47110

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machineshutdown hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore...

7.1CVSS6.4AI score0.00245EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/03/07 1:15 a.m.53 views

CVE-2024-0199

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions...

8CVSS7.1AI score0.00706EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2024/03/06 7:15 a.m.53 views

CVE-2023-52606

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr...

5.5CVSS6.4AI score0.00234EPSS
Exploits0References26
UbuntuCve
UbuntuCve
added 2024/02/21 3:15 p.m.53 views

CVE-2024-26583

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...

4.7CVSS6.4AI score0.00177EPSS
Exploits0References25
UbuntuCve
UbuntuCve
added 2024/02/07 9:15 p.m.53 views

CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service...

7.5CVSS6.6AI score0.01448EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2024/01/25 7:15 a.m.53 views

CVE-2024-23307

Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM md, raid, raid5 modules allows Forced Integer Overflow...

7.8CVSS6.7AI score0.0059EPSS
Exploits0References30
UbuntuCve
UbuntuCve
added 2024/01/10 10:15 p.m.53 views

CVE-2022-32919

The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing...

4.7CVSS6.7AI score0.00523EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/01/05 5:15 p.m.53 views

CVE-2023-34325

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the...

7.8CVSS7.2AI score0.00289EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/01/03 5:15 p.m.53 views

CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

4.8CVSS6.7AI score0.00449EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/12/24 6:15 a.m.53 views

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS6.1AI score0.01073EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2023/12/19 2:15 p.m.53 views

CVE-2023-6931

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perfevent's readsize can overflow, leading to an heap out-of-bounds increment or write in perfreadgroup. We recommend upgrading past commit...

7.8CVSS6.6AI score0.00715EPSS
Exploits1References20
UbuntuCve
UbuntuCve
added 2023/12/18 3:15 p.m.53 views

CVE-2023-6817

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The function nftpipapowalk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO Pile Packet Policies elements, leadi...

7.8CVSS6.7AI score0.00334EPSS
Exploits0References14
UbuntuCve
UbuntuCve
added 2023/11/28 9:15 a.m.53 views

CVE-2023-34053

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

7.5CVSS6.8AI score0.0115EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/11/07 4:15 p.m.53 views

CVE-2023-47359

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket and results in a memory corruption...

9.8CVSS7.2AI score0.01096EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/11/03 8:15 p.m.53 views

CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

8.2CVSS6.8AI score0.02464EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/10/24 12:0 a.m.53 views

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.6AI score0.03332EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/08/23 7:15 a.m.53 views

CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

7.5CVSS7.1AI score0.02155EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/08/22 7:16 p.m.53 views

CVE-2022-44729

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

7.1CVSS6.8AI score0.00786EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2023/08/03 12:0 a.m.53 views

CVE-2023-3777

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. When nftablesdelrule is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain...

7.8CVSS6.7AI score0.00413EPSS
Exploits0References14
UbuntuCve
UbuntuCve
added 2023/07/27 12:15 a.m.53 views

CVE-2023-37450

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...

8.8CVSS7.4AI score0.1895EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/07/24 9:15 a.m.53 views

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

5.4CVSS5.7AI score0.0033EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/07/06 12:0 a.m.53 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.2AI score0.00414EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/05/11 4:15 p.m.53 views

CVE-2023-24540

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

9.8CVSS6.8AI score0.01548EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/05/09 10:15 p.m.53 views

CVE-2023-2156

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of...

7.5CVSS6.8AI score0.06127EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2023/03/26 7:15 p.m.53 views

CVE-2023-28859

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...

6.5CVSS6.6AI score0.01034EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/03/20 9:15 a.m.53 views

CVE-2023-1250

Improper Input Validation vulnerability in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0...

7.8CVSS6.4AI score0.00295EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/03/01 7:15 p.m.53 views

CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS6.9AI score0.01191EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/03/01 4:15 p.m.53 views

CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

5.5CVSS6.3AI score0.59706EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/02/15 4:15 a.m.53 views

CVE-2022-47373

Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript...

6.4CVSS6.4AI score0.00338EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/02/01 5:15 p.m.53 views

CVE-2022-4254

sssd: libssscertmap fails to sanitise certificate data used in LDAP filters...

8.8CVSS6.8AI score0.0095EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/01/30 12:0 a.m.53 views

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

6.7CVSS6.8AI score0.01246EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2023/01/12 3:15 p.m.53 views

CVE-2022-3341

A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformatnewstream and triggers the null pointer dereference error, causing an application to crash...

5.3CVSS6.7AI score0.00817EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/01/05 4:15 p.m.53 views

CVE-2022-4378

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS6.7AI score0.00431EPSS
Exploits0References16
UbuntuCve
UbuntuCve
added 2022/12/22 10:15 p.m.53 views

CVE-2022-43594

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...

5.9CVSS6.9AI score0.01266EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2022/12/16 12:0 a.m.53 views

CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

9.8CVSS6.9AI score0.00454EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2022/11/01 12:0 a.m.53 views

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS7.6AI score0.9077EPSS
Exploits6References3
UbuntuCve
UbuntuCve
added 2022/10/27 5:15 p.m.53 views

CVE-2022-3725

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file...

7.5CVSS6.8AI score0.008EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2022/10/27 12:0 a.m.53 views

CVE-2022-42927

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

8.1CVSS7.1AI score0.00414EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2022/10/17 7:15 p.m.53 views

CVE-2022-3566

A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assign...

7.1CVSS6AI score0.00344EPSS
Exploits0References16
UbuntuCve
UbuntuCve
added 2022/09/23 12:0 a.m.53 views

CVE-2022-41318

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...

8.6CVSS7.2AI score0.0282EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/09/16 10:15 a.m.53 views

CVE-2022-40151

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

7.5CVSS7AI score0.01022EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/09/09 3:15 p.m.53 views

CVE-2022-3077

A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2CSMBUSBLOCKPROCCALL case via the ioctl I2CSMBUS with malicious input data. This flaw could allow a local user to crash the system...

5.5CVSS6.9AI score0.00225EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/08/30 3:15 a.m.53 views

CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described...

7.8CVSS7.4AI score0.00574EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2022/08/25 6:59 p.m.53 views

CVE-2022-2991

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and...

6.7CVSS7.2AI score0.00412EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/07/05 12:0 a.m.53 views

CVE-2022-34481

In the nsTArrayImpl::ReplaceElementsAt function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS7.2AI score0.00776EPSS
Exploits0References4
Total number of security vulnerabilities5000