Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/03/03 11:15 p.m.•52 views

CVE-2021-26948

Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file...

7.8CVSS7.4AI score0.00786EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/03/03 11:15 p.m.•52 views

CVE-2021-3638

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati2dblt routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QE...

6.5CVSS6.8AI score0.00429EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/03/02 11:15 p.m.•52 views

CVE-2021-3623

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to...

6.1CVSS6.6AI score0.00316EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/20 8:15 p.m.•52 views

CVE-2022-25375

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDISMSGSET command. Attackers can obtain sensitive information from kernel memory...

5.5CVSS6.8AI score0.01054EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2022/02/14 9:15 p.m.•52 views

CVE-2022-23638

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the svg-sanitizer library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available...

6.2CVSS6.6AI score0.00682EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•52 views

CVE-2021-0166

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS6.5AI score0.00293EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/01/31 12:0 a.m.•52 views

CVE-2021-44141

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succee...

4.3CVSS6.8AI score0.01097EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/01/10 2:12 p.m.•52 views

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

8.8CVSS7AI score0.02801EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/12/16 4:15 a.m.•52 views

CVE-2021-45095

pepsockaccept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak...

5.5CVSS6.8AI score0.00338EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2021/11/15 9:15 p.m.•52 views

CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

7.2CVSS7.3AI score0.02117EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/10/26 3:15 p.m.•52 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.5CVSS6.7AI score0.42229EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2021/09/08 3:15 p.m.•52 views

CVE-2021-30666

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...

8.8CVSS7.3AI score0.03031EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/07/27 12:0 a.m.•52 views

CVE-2021-30749

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7AI score0.0166EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/07/27 12:0 a.m.•52 views

CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

6.1CVSS6.5AI score0.01068EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/07/09 11:15 a.m.•52 views

CVE-2012-2666

golang/go in 1.0.2 fixes all.bash on shared machines. dotest in src/pkg/debug/gosym/pclntabtest.go creates a temporary file with predicable name and executes it as shell script...

9.8CVSS7.2AI score0.01935EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2021/06/03 12:0 a.m.•52 views

CVE-2021-23180

A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in fileextension,in file.c may lead to execute arbitrary code and denial of service...

7.8CVSS7.4AI score0.01268EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2021/05/06 4:15 p.m.•52 views

CVE-2021-31829

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can...

5.5CVSS6.8AI score0.00313EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2021/04/28 3:15 a.m.•52 views

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

9.8CVSS6.9AI score0.03095EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/04/22 6:15 p.m.•52 views

CVE-2021-23133

A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctpdestroysock is called without socknetsk-sctp.addrwqlock then an element is removed from the...

7CVSS6.7AI score0.00482EPSS
Exploits1References11
UbuntuCve
UbuntuCve
•added 2021/04/02 7:15 p.m.•52 views

CVE-2021-1844

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 v. 14610.4.3.1.7 and 15610.4.3.1.7, watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.1AI score0.02368EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/03/24 12:0 a.m.•52 views

CVE-2021-1801

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy...

6.5CVSS7.1AI score0.01515EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/02/14 3:15 a.m.•52 views

CVE-2021-27212

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service daemon exit via a short timestamp. This is related to schemainit.c and checkTime...

7.5CVSS7.1AI score0.64147EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/01/19 6:15 a.m.•52 views

CVE-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to cdouble.fromparam. This occurs because sprintf is...

9.8CVSS7.6AI score0.23293EPSS
Exploits1References10
UbuntuCve
UbuntuCve
•added 2021/01/07 12:0 a.m.•52 views

CVE-2021-1053

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service...

5.5CVSS6.1AI score0.00388EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2020/11/23 9:15 p.m.•52 views

CVE-2020-15436

Use-after-free vulnerability in fs/blockdev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field...

7.2CVSS6.7AI score0.00928EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2020/11/13 12:0 a.m.•52 views

CVE-2020-25696

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating...

7.6CVSS7.4AI score0.02586EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/09/18 6:15 p.m.•52 views

CVE-2020-14390

A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out...

5.6CVSS6.7AI score0.00344EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2020/08/21 7:15 p.m.•52 views

CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

6.5CVSS6.7AI score0.01629EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2020/06/26 4:15 p.m.•52 views

CVE-2020-10769

A buffer over-read flaw was found in RH kernel versions before 5.0 in cryptoauthencextractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read...

5.5CVSS6.9AI score0.00491EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2020/06/03 12:0 a.m.•52 views

CVE-2020-12410

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 68.9.0,...

9.3CVSS7.3AI score0.01537EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2020/05/24 10:15 p.m.•52 views

CVE-2020-13435

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c...

5.5CVSS6.8AI score0.0064EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2020/05/04 12:15 p.m.•52 views

CVE-2020-12114

A pivotroot race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service panic by corrupting a mountpoint reference counter...

4.7CVSS6.7AI score0.00423EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2020/04/01 9:15 p.m.•52 views

CVE-2019-11254

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS6.8AI score0.0236EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/03/10 6:15 p.m.•52 views

CVE-2020-5258

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

7.7CVSS6.6AI score0.0399EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2020/03/05 7:15 p.m.•52 views

CVE-2019-20382

QEMU 4.1.0 has a memory leak in zrlecompressdata in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd...

3.5CVSS6.8AI score0.00866EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/02/14 12:0 a.m.•52 views

CVE-2020-3868

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...

9.3CVSS6.9AI score0.027EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/01/27 4:15 p.m.•52 views

CVE-2015-3154

CRLF injection vulnerability in Zend\Mail ZendMail in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...

6.1CVSS7AI score0.01009EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/12/23 3:15 a.m.•52 views

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

6.5CVSS6.8AI score0.07473EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2019/12/09 4:15 p.m.•52 views

CVE-2019-19645

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements...

5.5CVSS6.8AI score0.00566EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/12/03 4:15 p.m.•52 views

CVE-2019-19533

In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusbdec.c driver, aka CID-a10feaf8c464...

2.4CVSS6.7AI score0.0046EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2019/11/19 9:15 p.m.•52 views

CVE-2019-10768

In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload...

7.5CVSS6.8AI score0.02179EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/11/19 3:15 p.m.•52 views

CVE-2016-1000006

hhvm before 3.12.11 has a use-after-free in the serializememoizeparam and ResourceBundle::construct functions...

9.8CVSS7.2AI score0.01568EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/11/12 6:0 p.m.•52 views

CVE-2018-12207

Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...

6.5CVSS6.8AI score0.00915EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2019/11/01 12:0 a.m.•52 views

CVE-2019-8769

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history...

4.3CVSS6.8AI score0.01241EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/08/25 12:0 a.m.•52 views

CVE-2019-15538

An issue was discovered in xfssetattrnonsize in fs/xfs/xfsiops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfssetattrnonsize is failing to unlock the ILOCK after the xfsqmvopchownreserve call fails. This is primarily a local...

7.8CVSS6.8AI score0.03916EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2019/08/05 12:15 p.m.•52 views

CVE-2019-14663

Brandy 1.20.1 has a stack-based buffer overflow in fileioopenin in fileio.c via crafted BASIC source code...

5.5CVSS6.4AI score0.00842EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/07/25 2:15 p.m.•52 views

CVE-2019-1010176

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function litchartoutf8bytes jerry-core/lit/lit-char-helpers.c:377. The attack vector is: executing crafted...

9.8CVSS7.2AI score0.02549EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2019/06/13 12:0 a.m.•52 views

CVE-2019-12818

An issue was discovered in the Linux kernel before 4.20.15. The nfcllcpbuildtlv function in net/nfc/llcpcommands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfcllcpbuildgb in net/nfc/llcpcore...

7.5CVSS6.7AI score0.05482EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2019/06/03 12:0 a.m.•52 views

CVE-2019-12614

An issue was discovered in dlparparseccproperty in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash...

4.7CVSS6.7AI score0.00623EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2019/05/08 12:0 a.m.•52 views

CVE-2019-11815

An issue was discovered in rdstcpkillsock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup...

9.3CVSS6.8AI score0.04458EPSS
Exploits1References9
Total number of security vulnerabilities5000