Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2014/04/01 3:55 p.m.•53 views

CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

7.5CVSS6.2AI score0.42895EPSS
Exploits7References3
UbuntuCve
UbuntuCve
•added 2013/11/20 12:0 a.m.•53 views

CVE-2013-6282

The 1 getuser and 2 putuser API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against...

8.8CVSS7.4AI score0.39711EPSS
Exploits9References10
UbuntuCve
UbuntuCve
•added 2013/06/18 10:55 p.m.•53 views

CVE-2013-2468

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...

10CVSS6.9AI score0.07866EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•53 views

CVE-2013-1500

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previou...

3.6CVSS6.8AI score0.00506EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2013/04/09 8:55 p.m.•53 views

CVE-2013-1800

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

7.5CVSS6.1AI score0.04952EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2012/09/15 12:0 a.m.•53 views

CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

2.6CVSS6.8AI score0.04266EPSS
Exploits2References20
UbuntuCve
UbuntuCve
•added 2012/06/27 12:0 a.m.•53 views

CVE-2011-4940

The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...

2.6CVSS6.9AI score0.03213EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2012/02/24 12:0 a.m.•53 views

CVE-2012-0507

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE:...

10CVSS7.3AI score0.98113EPSS
Exploits13References4
UbuntuCve
UbuntuCve
•added 2011/11/09 12:0 a.m.•53 views

CVE-2011-3648

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding...

4.3CVSS7.3AI score0.01453EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2011/05/04 12:0 a.m.•53 views

CVE-2011-0077

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

10CVSS7.3AI score0.05259EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2011/05/04 12:0 a.m.•53 views

CVE-2011-0078

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

10CVSS7.3AI score0.05259EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2011/01/20 7:0 p.m.•53 views

CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain roo...

6.9CVSS7.1AI score0.00333EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2010/11/30 12:0 a.m.•53 views

CVE-2010-4248

Race condition in the exitsignal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader...

4.9CVSS6.3AI score0.00321EPSS
Exploits2References12
UbuntuCve
UbuntuCve
•added 2010/10/13 12:0 a.m.•53 views

CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service crash via unknown vectors that trigger an uninitialized pointer...

7.5CVSS6.7AI score0.02757EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2010/06/11 6:0 p.m.•53 views

CVE-2010-1413

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors...

5CVSS5.9AI score0.02399EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2010/01/13 12:0 a.m.•53 views

CVE-2009-4492

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

7.5CVSS7.1AI score0.15684EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2008/11/04 6:29 p.m.•53 views

CVE-2008-2992

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104...

9.3CVSS7.8AI score0.98482EPSS
Exploits19References2
UbuntuCve
UbuntuCve
•added 2008/09/27 10:30 a.m.•53 views

CVE-2008-3528

The error-reporting functionality in 1 fs/ext2/dir.c, 2 fs/ext3/dir.c, and possibly 3 fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service temporar...

2.1CVSS6.3AI score0.00525EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2008/08/13 12:41 a.m.•53 views

CVE-2008-2938

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...

4.3CVSS6AI score0.99708EPSS
Exploits22References1
UbuntuCve
UbuntuCve
•added 2008/08/04 1:41 a.m.•53 views

CVE-2008-1232

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

4.3CVSS6.3AI score0.75865EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2008/01/09 11:46 p.m.•53 views

CVE-2007-0012

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service Internet Explorer crash via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM...

4.3CVSS5.9AI score0.01882EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/12/18 8:46 p.m.•53 views

CVE-2007-6434

Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmapminaddr protection via a crafted executable file that calls the dobrk function...

2.1CVSS5.9AI score0.00439EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/11/20 7:46 p.m.•53 views

CVE-2007-5899

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

4.3CVSS5.9AI score0.03393EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2007/05/21 8:30 p.m.•53 views

CVE-2007-2768

OpenSSH, when using OPIE One-Time Passwords in Everything for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords OTP, a similar issue to CVE-2007-2243...

4.3CVSS7.2AI score0.08654EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2007/05/14 9:19 p.m.•53 views

CVE-2007-2446

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...

10CVSS7.6AI score0.77806EPSS
Exploits23References2
UbuntuCve
UbuntuCve
•added 2007/05/10 12:19 a.m.•53 views

CVE-2007-1858

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts...

2.6CVSS5.9AI score0.18254EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2006/03/19 1:2 a.m.•53 views

CVE-2006-1251

Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command...

5CVSS6.1AI score0.01493EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2005/09/13 10:3 p.m.•53 views

CVE-2005-2874

The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service CPU consumption by tight loop via a "...." URL in an HTTP request...

5CVSS6AI score0.02969EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2005/05/02 4:0 a.m.•53 views

CVE-2005-1080

Directory traversal vulnerability in the Java Archive Tool Jar utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. dot dot in filenames in a .jar file...

5CVSS6.1AI score0.06717EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2024/06/19 7:15 a.m.•52 views

CVE-2024-36978

In the Linux kernel, the following vulnerability has been resolved: net: sched: schmultiq: fix possible OOB write in multiqtune q-bands will be assigned to qopt-bands to execute subsequent code logic after kmalloc. So the old q-bands should not be used in kmalloc. Otherwise, an out-of-bounds writ...

7.8CVSS6.5AI score0.00284EPSS
Exploits0References22
UbuntuCve
UbuntuCve
•added 2024/06/06 12:0 a.m.•52 views

CVE-2024-36823

Last updated 24 July 2024...

7.5CVSS7.5AI score0.0078EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2024/05/14 3:43 p.m.•52 views

CVE-2024-4317

Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

4.3CVSS6.8AI score0.00722EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2024/04/03 3:15 p.m.•52 views

CVE-2024-26713

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.5AI score
Exploits0References5
UbuntuCve
UbuntuCve
•added 2024/03/27 7:0 a.m.•52 views

CVE-2024-2004

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...

3.5CVSS6.7AI score0.01681EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2024/03/06 7:15 p.m.•52 views

CVE-2024-2176

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.01251EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2024/02/21 3:15 p.m.•52 views

CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

7.8CVSS6.3AI score0.00254EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2024/01/09 5:15 p.m.•52 views

CVE-2024-0228

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-0193...

5.8AI score
Exploits0References1
UbuntuCve
UbuntuCve
•added 2023/12/04 12:0 a.m.•52 views

CVE-2023-49083

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service...

7.5CVSS6.6AI score0.00985EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/11/03 9:15 p.m.•52 views

CVE-2023-47233

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmfcfg80211detach use-after-free in the device unplugging disconnect the USB by hotplug code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to...

4.3CVSS6.7AI score0.00315EPSS
Exploits0References19
UbuntuCve
UbuntuCve
•added 2023/10/17 10:15 p.m.•52 views

CVE-2023-22025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

3.7CVSS6.4AI score0.00883EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/09/13 12:0 a.m.•52 views

CVE-2023-3867

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2sesssetup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first...

7.1CVSS6.4AI score0.0304EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2023/07/26 12:0 a.m.•52 views

CVE-2023-30577

AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...

7.8CVSS7AI score0.00459EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2023/07/05 6:15 p.m.•52 views

CVE-2020-23452

A cross-site scripting XSS vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...

6.1CVSS6.5AI score0.00406EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/06/30 10:15 p.m.•52 views

CVE-2023-3117

Rejected reason: Duplicate of CVE-2023-3390...

6.8AI score
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/06/07 3:15 a.m.•52 views

CVE-2023-0667

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark...

6.5CVSS7.2AI score0.02008EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/06/02 5:15 p.m.•52 views

CVE-2023-25749

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...

4.3CVSS6.8AI score0.00384EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/06/02 12:15 p.m.•52 views

CVE-2022-24695

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with...

4.3CVSS5.9AI score0.00409EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/06/01 12:0 p.m.•52 views

CVE-2023-32324

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service DoS attack. A buffer overflow vulnerability in the function formatlogline could allow remote attackers to cause a DoS ...

7.5CVSS7.1AI score0.01461EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/04/24 12:0 a.m.•52 views

CVE-2022-32885

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.3AI score0.00799EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/04/19 11:15 p.m.•52 views

CVE-2023-28327

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unixdiaggetexact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service...

5.5CVSS6.7AI score0.00189EPSS
Exploits0References2
Total number of security vulnerabilities5000