Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
added 2017/06/29 12:0 a.m.52 views

CVE-2017-10688

In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tifdirwrite.c. A crafted input will lead to a remote denial of service attack...

7.5CVSS6.9AI score0.06721EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2017/04/20 12:0 a.m.52 views

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8CVSS7.2AI score0.02665EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/04/03 12:0 a.m.52 views

CVE-2017-7407

The ourWriteOut function in toolwriteout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a...

2.4CVSS6.9AI score0.00581EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/01/12 12:0 a.m.52 views

CVE-2016-8399

An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler...

7.6CVSS7.1AI score0.02341EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2016/11/04 12:0 a.m.52 views

CVE-2016-8909

The intelhdaxfer function in hw/audio/intel-hda.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption via an entry with the same value for buffer length and pointer position...

6CVSS6.8AI score0.00441EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2016/10/16 12:0 a.m.52 views

CVE-2016-7097

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions...

4.4CVSS6.8AI score0.00377EPSS
Exploits0References14
UbuntuCve
UbuntuCve
added 2016/09/22 12:0 a.m.52 views

CVE-2016-6304

Multiple memory leaks in t1lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service memory consumption via large OCSP Status Request extensions...

7.8CVSS7.1AI score0.63029EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2016/07/20 12:0 a.m.52 views

CVE-2016-5441

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication...

4.9CVSS6.7AI score0.02213EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2016/06/07 2:6 p.m.52 views

CVE-2014-9747

The t42parseencoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service infinite loop via a Type42 font...

7.5CVSS7.2AI score0.03015EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2016/05/06 12:0 a.m.52 views

CVE-2016-4543

The exifprocessIFDinJPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted header data...

9.8CVSS7.2AI score0.12179EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2015/12/09 12:0 a.m.52 views

CVE-2015-8472

Buffer overflow in the pngsetPLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a small...

7.5CVSS7.2AI score0.06054EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2015/11/16 12:0 a.m.52 views

CVE-2015-8104

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service host OS panic or hang by triggering many DB aka Debug exceptions, related to svm.c...

10CVSS6.7AI score0.02501EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2015/10/01 12:59 a.m.52 views

CVE-2015-3832

Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538...

10CVSS6.2AI score0.02883EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/10/01 12:59 a.m.52 views

CVE-2015-3842

Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516...

9.3CVSS6.3AI score0.01439EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/07/16 12:0 a.m.52 views

CVE-2015-2601

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE...

5CVSS6.3AI score0.03612EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2015/06/09 12:0 a.m.52 views

CVE-2015-4022

Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow...

7.5CVSS7.8AI score0.20837EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2015/04/24 12:0 a.m.52 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service uninitialized memory access and application crash or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

7.5CVSS6.8AI score0.04852EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/04/15 12:0 a.m.52 views

CVE-2015-0480

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools...

5.8CVSS6.3AI score0.03608EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/12/31 12:0 a.m.52 views

CVE-2014-8160

net/netfilter/nfconntrackprotogeneric.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with...

5CVSS6.8AI score0.05489EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2014/07/20 12:0 a.m.52 views

CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

4.3CVSS6.9AI score0.35543EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2014/07/03 12:0 a.m.52 views

CVE-2014-4655

The sndctlelemadd function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the userctlcount value, which allows local users to cause a denial of service integer overflow and limit bypass by leveraging /dev/snd/controlCX acces...

4.9CVSS6.8AI score0.00494EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2014/04/15 12:0 a.m.52 views

CVE-2014-0458

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423...

7.5CVSS7.1AI score0.04976EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/02/21 12:0 a.m.52 views

CVE-2014-1912

Buffer overflow in the socket.recvfrominto function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string...

7.5CVSS7.3AI score0.28319EPSS
Exploits7References3
UbuntuCve
UbuntuCve
added 2013/09/16 12:0 a.m.52 views

CVE-2013-2888

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service heap memory corruption via a crafted device that provides an invalid Repor...

6.2CVSS7.2AI score0.00477EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2013/03/05 9:38 p.m.52 views

CVE-2012-3411

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via a spoofed DNS query...

5CVSS5.9AI score0.05028EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2012/02/24 12:0 a.m.52 views

CVE-2012-0507

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE:...

10CVSS7.3AI score0.98113EPSS
Exploits13References4
UbuntuCve
UbuntuCve
added 2011/05/04 12:0 a.m.52 views

CVE-2011-0077

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

10CVSS7.3AI score0.05259EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2010/11/05 12:0 a.m.52 views

CVE-2010-3840

The Gislinestring::initfromwkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service server crash by calling the PolyFromWKB function with Well-Known Binary WKB data containing a crafted number of 1 line strings or 2 line points...

4CVSS5.9AI score0.03391EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2010/10/22 12:0 a.m.52 views

CVE-2010-3856

ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...

7.2CVSS7.1AI score0.09454EPSS
Exploits24References2
UbuntuCve
UbuntuCve
added 2010/09/21 12:0 a.m.52 views

CVE-2010-3477

The tcfactpolicedump function in net/sched/actpolice.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel...

2.1CVSS6.3AI score0.00404EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2010/01/13 12:0 a.m.52 views

CVE-2009-4492

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

7.5CVSS7.1AI score0.15684EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2009/12/21 4:30 p.m.53 views

CVE-2009-4371

Cross-site scripting XSS vulnerability in the Locale module modules/locale/locale.module in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the 1 Language name in...

3.5CVSS6AI score0.00888EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2009/03/27 4:30 p.m.52 views

CVE-2009-0590

The ASN1STRINGprintex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service invalid memory access and application crash via vectors that trigger printing of a 1 BMPString or 2 UniversalString with an invalid encoded length...

5CVSS7.1AI score0.06194EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2009/03/06 11:30 a.m.52 views

CVE-2009-0834

The auditsyscallentry function in the Linux kernel 2.6.28.7 and earlier on the x8664 platform does not properly handle 1 a 32-bit process making a 64-bit syscall or 2 a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted...

3.6CVSS6.3AI score0.00441EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2009/02/20 7:30 p.m.52 views

CVE-2009-0653

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970...

7.5CVSS5.9AI score0.01148EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2008/08/04 1:41 a.m.52 views

CVE-2008-1232

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...

4.3CVSS6.3AI score0.75865EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2007/11/20 7:46 p.m.52 views

CVE-2007-5899

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

4.3CVSS5.9AI score0.03393EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2007/07/02 7:30 p.m.52 views

CVE-2007-3506

The ftbitmapassurebuffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."...

7.5CVSS6.4AI score0.02018EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2005/05/31 4:0 a.m.52 views

CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers PAWS with the timestamps option enabled allow remote attackers to cause a denial of service connection loss via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...

5CVSS5.9AI score0.83284EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2005/05/02 4:0 a.m.52 views

CVE-2005-1080

Directory traversal vulnerability in the Java Archive Tool Jar utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. dot dot in filenames in a .jar file...

5CVSS6.1AI score0.06717EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/10/21 8:15 p.m.51 views

CVE-2022-48984

In the Linux kernel, the following vulnerability has been resolved: can: slcan: fix freed work crash The LTP test pty03 is causing a crash in slcan: BUG: kernel NULL pointer dereference, address: 0000000000000008 PF: supervisor read access in kernel mode PF: errorcode0x0000 - not-present page PGD...

5.5CVSS5.7AI score0.002EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/10/01 10:15 a.m.51 views

CVE-2023-3441

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches...

9.1CVSS5.8AI score0.00554EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2024/07/09 12:0 p.m.51 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

9CVSS7.1AI score0.14859EPSS
Exploits2References6
UbuntuCve
UbuntuCve
added 2024/05/14 3:36 p.m.51 views

CVE-2024-32655

Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...

8.1CVSS7.4AI score0.01716EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/04/29 4:15 a.m.51 views

CVE-2024-2757

In PHP 8.3. before 8.3.5, function mbencodemimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...

7.5CVSS7.1AI score0.01924EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2024/03/27 12:0 a.m.51 views

CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2024/03/13 4:15 p.m.51 views

CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...

6.3CVSS6.7AI score0.02313EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/03/06 7:15 p.m.51 views

CVE-2024-2176

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.01251EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/02/29 1:42 a.m.51 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4.9CVSS6.3AI score0.00906EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/02/28 9:15 a.m.51 views

CVE-2021-47001

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering After a reconnect, the reply handler is opening the cwnd and thus enabling more RPC Calls to be sent /before/ rpcrdmapostrecvs can post enough Receive WRs to receive their replies. This causes a...

4.7CVSS6.4AI score0.00285EPSS
Exploits0References12
Total number of security vulnerabilities5000