Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2023/09/27 12:0 a.m.•51 views

CVE-2023-44216

PVRIC PowerVR Image Compression on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...

5.3CVSS6.1AI score0.01809EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2023/09/15 7:15 p.m.•51 views

CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5CVSS6.8AI score0.01006EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2023/08/22 7:16 p.m.•51 views

CVE-2022-48063

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function loadseparatedebugfiles at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack...

5.5CVSS6.4AI score0.00483EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/08/11 3:15 a.m.•51 views

CVE-2022-40964

Improper access control for some IntelR PROSet/Wireless WiFi and KillerTM WiFi software may allow a privileged user to potentially enable escalation of privilege via local access...

7.9CVSS6.8AI score0.00235EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/08/09 12:0 a.m.•51 views

CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

5.6CVSS6.7AI score0.00159EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2023/07/05 12:0 a.m.•51 views

CVE-2023-31248

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nftchainlookupbyid failed to check whether a chain was active and CAPNETADMIN is in any user or network namespace...

7.8CVSS6.8AI score0.0205EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2023/07/04 12:0 a.m.•51 views

CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

7.5CVSS7.1AI score0.02978EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2023/06/28 9:15 p.m.•51 views

CVE-2023-3390

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nftablesapi.c. Mishandled error handling with NFTMSGNEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local...

7.8CVSS6.7AI score0.00871EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2023/06/26 7:15 p.m.•51 views

CVE-2020-23066

Rejected reason: DO NOT USE THIS CVE ID NUMBER. Consult IDs: CVE-2020-17480. Reason: This CVE Record is a duplicate of CVE-2020-17480. Notes: All CVE users should reference CVE-2020-17480 instead of this record...

6.3AI score
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/06/18 10:15 p.m.•51 views

CVE-2023-35829

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdecremove in drivers/staging/media/rkvdec/rkvdec.c...

7CVSS6.9AI score0.00476EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2023/06/02 5:15 p.m.•51 views

CVE-2023-25748

By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 111...

4.3CVSS6.7AI score0.00348EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/05/26 6:15 p.m.•51 views

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

6.1CVSS6.6AI score0.02974EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2023/05/17 6:15 p.m.•51 views

CVE-2023-26044

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

5.3CVSS6AI score0.0068EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/04/14 10:15 p.m.•51 views

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

3.3CVSS6.6AI score0.00428EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/04/11 9:15 p.m.•51 views

CVE-2023-1989

A use-after-free flaw was found in btsdioremove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdioremove with an unfinished job, may cause a race problem leading to a UAF on hdev devices...

7.1CVSS6.7AI score0.00387EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2023/03/29 12:0 a.m.•51 views

CVE-2023-28642

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...

7.8CVSS6.6AI score0.00343EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2023/03/27 9:15 p.m.•51 views

CVE-2023-1076

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAPNETADMIN, it may not always be the case, e.g., a non-root user only having that...

5.5CVSS6.7AI score0.00257EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2023/03/22 9:15 p.m.•51 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

6.1CVSS7AI score0.00725EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/03/22 12:0 a.m.•51 views

CVE-2023-28434

Last updated 21 August 2024...

8.9AI score0.06736EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2023/03/19 3:15 a.m.•51 views

CVE-2022-48423

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur...

7.8CVSS6.8AI score0.00266EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2023/03/06 10:15 p.m.•51 views

CVE-2021-36713

Cross Site Scripting XSS vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function fnCreateCookie. NOTE: 1.9.2 is a version from 2012...

6.1CVSS7AI score0.00792EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/03/05 5:15 a.m.•51 views

CVE-2015-10088

A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function httpconnect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The...

8.1CVSS5.4AI score0.00721EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/02/03 12:0 a.m.•51 views

CVE-2022-24894

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

8.8CVSS6.8AI score0.00753EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/01/25 12:0 a.m.•51 views

CVE-2022-3094

Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions ACLs and is...

7.5CVSS7AI score0.13108EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/01/25 12:0 a.m.•51 views

CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

7.5CVSS7.2AI score0.15989EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/01/14 2:15 a.m.•51 views

CVE-2023-22497

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

9.1CVSS7AI score0.0068EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/01/10 8:15 p.m.•51 views

CVE-2023-0129

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. Chromium security severity: High...

8.8CVSS7.4AI score0.00503EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/11/08 8:15 p.m.•51 views

CVE-2022-39377

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocatestructures contains a sizet overflow in sacommon.c. The allocatestructures function insufficiently checks bounds before arithmetic...

7.8CVSS7AI score0.01096EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2022/11/01 8:15 p.m.•51 views

CVE-2022-32888

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.3AI score0.01144EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2022/10/25 5:15 p.m.•51 views

CVE-2022-41704

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16...

7.5CVSS7AI score0.02143EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2022/10/13 11:15 p.m.•51 views

CVE-2022-42719

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers able to inject WLAN frames to crash the kernel and potentially execute code...

8.8CVSS6.7AI score0.0123EPSS
Exploits1References15
UbuntuCve
UbuntuCve
•added 2022/10/06 12:0 a.m.•51 views

CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

7.5CVSS6.9AI score0.00322EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/09/23 12:0 a.m.•51 views

CVE-2022-2785

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpfsysbpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAPBPF can arbitrarily read memory from anywhere on the system. We...

6.7CVSS6.2AI score0.00255EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/09/21 7:15 a.m.•51 views

CVE-2022-41218

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvbdemuxopen and dvbdmxdevrelease...

5.5CVSS6.8AI score0.00778EPSS
Exploits1References30
UbuntuCve
UbuntuCve
•added 2022/09/19 9:15 p.m.•51 views

CVE-2022-28201

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message...

4.4CVSS5.9AI score0.00407EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/09/09 9:15 p.m.•51 views

CVE-2022-36087

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of urivalidate functions depending where it is used. OAuthLib...

6.5CVSS6.9AI score0.01323EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/08/24 4:15 p.m.•51 views

CVE-2021-4037

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

7.8CVSS6.7AI score0.00277EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/08/16 9:15 p.m.•51 views

CVE-2022-35107

SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c...

5.5CVSS6.1AI score0.00284EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/08/10 8:15 p.m.•51 views

CVE-2021-33646

The thread function doesn’t free a variable t-thbuf.gnulongname after allocating memory, which may cause a memory leak...

7.5CVSS6.9AI score0.01438EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/07/19 10:15 p.m.•51 views

CVE-2022-21455

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS6.6AI score0.00962EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/07/17 11:15 p.m.•51 views

CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

7.5CVSS7.4AI score0.02073EPSS
Exploits3References1
UbuntuCve
UbuntuCve
•added 2022/07/12 4:0 p.m.•51 views

CVE-2022-23825

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure...

6.5CVSS6.6AI score0.00785EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/07/07 12:0 a.m.•51 views

CVE-2022-26710

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.2AI score0.00844EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/07/04 8:0 a.m.•51 views

CVE-2022-34265

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...

9.8CVSS6.8AI score0.73274EPSS
Exploits3References2
UbuntuCve
UbuntuCve
•added 2022/06/16 6:15 p.m.•51 views

CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

7.8CVSS6.8AI score0.01327EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2022/05/11 12:0 a.m.•51 views

CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

7.5CVSS6.8AI score0.02596EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/05/03 11:15 a.m.•51 views

CVE-2021-41959

JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak...

7.5CVSS7.1AI score0.01141EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/05/02 11:15 p.m.•51 views

CVE-2021-42529

XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file...

9.3CVSS7.2AI score0.036EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/04/27 6:0 a.m.•51 views

CVE-2022-22576

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

8.1CVSS6.8AI score0.01914EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/25 1:15 p.m.•51 views

CVE-2022-28506

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB in gif2rgb.c:298:45...

5.5CVSS6.4AI score0.01253EPSS
Exploits1References4
Total number of security vulnerabilities5000