Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/02/25 3:15 p.m.•53 views

CVE-2022-24329

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects...

5.3CVSS6.8AI score0.02178EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/01/19 12:15 p.m.•53 views

CVE-2022-21283

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS6.5AI score0.03782EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/01/13 12:0 a.m.•53 views

CVE-2022-22741

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

7.5CVSS7.1AI score0.00652EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/11/18 10:15 p.m.•53 views

CVE-2021-37322

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c...

7.8CVSS7.1AI score0.00853EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2021/11/17 5:15 p.m.•53 views

CVE-2021-43975

In the Linux kernel through 5.15.2, hwatlutilsfwrpcwait in drivers/net/ethernet/aquantia/atlantic/hwatl/hwatlutils.c allows an attacker who can introduce a crafted device to trigger an out-of-bounds write via a crafted length value...

6.7CVSS6.7AI score0.00513EPSS
Exploits1References10
UbuntuCve
UbuntuCve
•added 2021/10/20 9:15 p.m.•53 views

CVE-2021-42771

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...

7.8CVSS7AI score0.00716EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2021/10/08 9:15 p.m.•53 views

CVE-2021-30632

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.64546EPSS
Exploits3References2
UbuntuCve
UbuntuCve
•added 2021/09/13 9:15 p.m.•53 views

CVE-2021-41054

tftpdfile.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options...

7.5CVSS7.3AI score0.02581EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/09/13 6:15 p.m.•53 views

CVE-2021-39212

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded...

4.4CVSS6.5AI score0.00353EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/07/27 12:0 a.m.•53 views

CVE-2021-30799

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution...

9.3CVSS7.1AI score0.02156EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/07/27 12:0 a.m.•53 views

CVE-2021-30663

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.3AI score0.0369EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/07/20 12:0 p.m.•53 views

CVE-2021-33910

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value involving strdupa and alloca for a pathname controlled by a local attacker that results in an operating system crash...

5.5CVSS6.8AI score0.0865EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2021/06/10 7:15 a.m.•53 views

CVE-2020-13950

Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

7.5CVSS7.1AI score0.49089EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/04/12 2:15 p.m.•53 views

CVE-2021-23369

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source...

9.8CVSS6.9AI score0.07028EPSS
Exploits2References7
UbuntuCve
UbuntuCve
•added 2021/03/18 10:0 p.m.•53 views

CVE-2020-27171

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error with a resultant integer underflow affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information...

6CVSS7AI score0.00577EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/03/02 6:0 p.m.•53 views

CVE-2020-25632

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of...

8.2CVSS6.9AI score0.01152EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/11/02 12:0 a.m.•53 views

CVE-2020-25673

A vulnerability was found in Linux kernel where non-blocking socket in llcpsockconnect leads to leak and eventually hanging-up the system...

5.5CVSS6.7AI score0.00479EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2020/07/17 8:15 p.m.•53 views

CVE-2020-0305

In cdevget of chardev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744...

6.4CVSS6.8AI score0.0017EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/07/14 3:15 p.m.•53 views

CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

7.5CVSS6.8AI score0.87553EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2020/06/15 6:15 p.m.•53 views

CVE-2020-14147

An integer overflow in the getnum function in luastruct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service memory corruption and application crash or possibly bypass intended sandbox restrictions via a large...

7.7CVSS7.2AI score0.03085EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/06/03 3:15 a.m.•53 views

CVE-2019-20812

An issue was discovered in the Linux kernel before 5.4.7. The prbcalcretireblktmo function in net/packet/afpacket.c can result in a denial of service CPU consumption and soft lockup in a certain failure case involving TPACKETV3, aka CID-b43d1f9f7067...

5.5CVSS6.8AI score0.0044EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/05/24 10:15 p.m.•53 views

CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3strvappendf in printf.c...

5.5CVSS6.8AI score0.01013EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2020/05/09 9:15 p.m.•53 views

CVE-2020-12770

An issue was discovered in the Linux kernel through 5.6.11. sgwrite lacks an sgremoverequest call in a certain failure case, aka CID-83c6f2390040...

6.7CVSS6.7AI score0.00586EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2020/04/03 12:0 a.m.•53 views

CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

8.1CVSS7.2AI score0.02978EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2020/04/01 6:15 p.m.•53 views

CVE-2020-3902

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site...

6.1CVSS6.6AI score0.01124EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2020/02/20 4:15 p.m.•53 views

CVE-2020-9272

ProFTPD 1.3.7 has an out-of-bounds OOB read vulnerability in modcap via the captext.c captotext function...

7.5CVSS6.4AI score0.0211EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/02/03 10:0 a.m.•53 views

CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...

9.8CVSS6.8AI score0.65336EPSS
Exploits9References3
UbuntuCve
UbuntuCve
•added 2020/01/30 7:15 p.m.•53 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1CVSS6.8AI score0.06681EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2019/12/12 3:15 a.m.•53 views

CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

7.5CVSS6.8AI score0.26723EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2019/11/27 8:0 p.m.•53 views

CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry64.S and arch/powerpc/kernel/security.c...

4.7CVSS6.8AI score0.00736EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2019/11/12 6:0 p.m.•53 views

CVE-2019-0155

Insufficient access control in a subsystem for Intel R processor graphics in 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor Families; IntelR PentiumR Processor J, N, Silver and Gold Series; IntelR CeleronR Processor J, N, G3900 and G4900 Series; IntelR AtomR Processor A and E3900 Series...

7.8CVSS6.8AI score0.00668EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2019/10/10 1:6 a.m.•53 views

CVE-2019-17420

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the httpheader signature to not alert on a response with a single \r\n ending...

5.3CVSS6.1AI score0.01355EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2019/10/04 12:15 p.m.•53 views

CVE-2019-17133

In the Linux kernel through 5.3.2, cfg80211mgdwextgiwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow...

9.8CVSS6.8AI score0.06652EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2019/09/11 4:15 p.m.•53 views

CVE-2019-16231

drivers/net/fjes/fjesmain.c in the Linux kernel 5.2.14 does not check the allocworkqueue return value, leading to a NULL pointer dereference...

4.7CVSS6.8AI score0.00422EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2019/09/11 2:15 p.m.•53 views

CVE-2019-16222

WordPress before 5.2.3 has an issue with URL sanitization in wpksesbadprotocolonce in wp-includes/kses.php that can lead to cross-site scripting XSS attacks...

6.1CVSS6.9AI score0.02198EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2019/09/09 12:0 a.m.•53 views

CVE-2019-15030

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction via the hardware transactional memory instruction tbegin and then...

4.4CVSS6.7AI score0.00451EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2019/08/06 5:0 p.m.•53 views

CVE-2019-1125

An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an...

5.6CVSS7.1AI score0.04521EPSS
Exploits4References7
UbuntuCve
UbuntuCve
•added 2019/07/26 7:15 p.m.•53 views

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

9.8CVSS6.8AI score0.162EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/07/23 12:0 a.m.•53 views

CVE-2019-2816

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...

5.8CVSS6.8AI score0.02286EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2019/07/01 2:15 a.m.•53 views

CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...

5.3CVSS6.7AI score0.05147EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/06/18 4:15 p.m.•53 views

CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

6.1CVSS6.9AI score0.01751EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2019/05/10 12:0 a.m.•53 views

CVE-2019-11884

The dohidpsockioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character...

3.3CVSS6.8AI score0.00495EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2019/04/10 10:29 p.m.•53 views

CVE-2019-11072

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burlnormalize2Ftoslashfix in burl.c. NOTE:...

9.8CVSS7.2AI score0.73762EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2019/01/26 12:0 a.m.•53 views

CVE-2019-6977

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

8.8CVSS7.2AI score0.64265EPSS
Exploits7References4
UbuntuCve
UbuntuCve
•added 2018/08/20 7:31 p.m.•53 views

CVE-2018-1000652

JabRef version =4.3.1 contains a XML External Entity XXE vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This...

10CVSS7.1AI score0.01937EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2018/06/19 12:0 a.m.•53 views

CVE-2018-1061

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.ISLINEJUNK method. An attacker could use this flaw to cause denial of service...

7.5CVSS6.8AI score0.05159EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2018/03/26 12:0 a.m.•53 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...

7.5CVSS7.1AI score0.70783EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2018/02/20 3:29 p.m.•53 views

CVE-2018-6356

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...

6.5CVSS6.8AI score0.0388EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2018/02/06 3:29 p.m.•53 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw...

9.8CVSS7.2AI score0.08411EPSS
Exploits2References9
UbuntuCve
UbuntuCve
•added 2018/01/10 3:29 p.m.•53 views

CVE-2017-7536

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the...

7CVSS6.9AI score0.00482EPSS
Exploits0References1
Total number of security vulnerabilities5000