Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2019/03/28 9:29 p.m.•51 views

CVE-2019-0224

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser...

6.1CVSS6.5AI score0.0515EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/03/08 12:0 a.m.•51 views

CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

9.8CVSS6.8AI score0.09125EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2019/02/01 12:0 a.m.•51 views

CVE-2019-7308

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks...

5.6CVSS6.8AI score0.00543EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2018/12/24 12:0 a.m.•51 views

CVE-2018-19985

The function hsogetconfigdata in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads ifnum from the USB device as a u8 and uses it to index a small array, resulting in an object out-of-bounds OOB read that potentially allows arbitrary read in the kernel address space...

4.6CVSS6.8AI score0.00961EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/10/16 12:0 a.m.•51 views

CVE-2018-3136

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.4CVSS6.8AI score0.03641EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2018/08/22 1:29 p.m.•51 views

CVE-2018-11776

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

9.3CVSS7.4AI score0.99993EPSS
Exploits41References5
UbuntuCve
UbuntuCve
•added 2018/07/26 12:0 a.m.•51 views

CVE-2018-10879

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4xattrsetentry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image...

7.8CVSS6.7AI score0.00861EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2018/05/17 2:29 p.m.•51 views

CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

5.3CVSS6.7AI score0.03621EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2018/04/23 12:0 a.m.•51 views

CVE-2018-8781

The udlfbmmap function in drivers/gpu/drm/udl/udlfb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code...

7.8CVSS7.2AI score0.00502EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2018/03/29 7:29 a.m.•51 views

CVE-2018-7600

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...

9.8CVSS7.4AI score0.99993EPSS
Exploits46References6
UbuntuCve
UbuntuCve
•added 2018/03/26 12:0 a.m.•51 views

CVE-2018-1283

In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...

5.3CVSS6.8AI score0.10118EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2018/03/04 9:29 p.m.•51 views

CVE-2017-18214

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

7.5CVSS6.8AI score0.03673EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/02/26 3:29 p.m.•51 views

CVE-2018-7489

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...

9.8CVSS7.5AI score0.20135EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/02/09 12:0 a.m.•51 views

CVE-2018-1000026

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pa...

7.7CVSS6.7AI score0.039EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2018/01/29 5:29 p.m.•51 views

CVE-2017-1000353

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

9.8CVSS7.7AI score0.99679EPSS
Exploits36References2
UbuntuCve
UbuntuCve
•added 2017/12/27 5:8 p.m.•51 views

CVE-2017-16996

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging register truncation mishandling...

7.8CVSS7.1AI score0.00397EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/12/27 12:0 a.m.•51 views

CVE-2017-17862

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service...

5.5CVSS6.7AI score0.00437EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2017/12/20 12:0 a.m.•51 views

CVE-2017-17807

The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the requestkey system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search...

3.3CVSS6.7AI score0.0042EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2017/12/11 12:0 a.m.•51 views

CVE-2017-1000407

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic...

7.4CVSS6.8AI score0.01216EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2017/12/06 2:29 p.m.•51 views

CVE-2017-13166

An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167...

7.8CVSS7.1AI score0.00359EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/11/07 12:0 a.m.•51 views

CVE-2017-16642

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c...

7.5CVSS6.7AI score0.26373EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2017/10/19 5:29 p.m.•51 views

CVE-2017-10309

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

7.1CVSS6.8AI score0.08794EPSS
Exploits6References1
UbuntuCve
UbuntuCve
•added 2017/10/17 12:0 a.m.•51 views

CVE-2017-15537

The x86/fpu Floating Point Unit subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace or rtsigreturn system call, allowing local users to read...

5.5CVSS6.7AI score0.00398EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2017/10/02 12:0 a.m.•51 views

CVE-2017-14496

Integer underflow in the addpseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request...

7.8CVSS7.3AI score0.66347EPSS
Exploits5References4
UbuntuCve
UbuntuCve
•added 2017/09/09 12:0 a.m.•51 views

CVE-2017-14228

In Netwide Assembler NASM 2.14rc0, there is an illegal address access in the function pastetokens in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service...

5.5CVSS6.9AI score0.01146EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/08/07 12:0 a.m.•51 views

CVE-2011-5325

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink...

7.5CVSS6.8AI score0.07176EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2017/06/05 3:29 a.m.•51 views

CVE-2017-9431

Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c...

9.8CVSS7.4AI score0.02368EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/05/25 5:29 p.m.•51 views

CVE-2014-0225

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...

8.8CVSS7.2AI score0.01696EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/04/17 12:0 a.m.•51 views

CVE-2017-5647

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. Thi...

7.5CVSS7.1AI score0.1684EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/04/17 12:0 a.m.•51 views

CVE-2017-5648

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was...

9.1CVSS7.1AI score0.13225EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/03/01 12:0 a.m.•51 views

CVE-2017-6346

Race condition in net/packet/afpacket.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via a multithreaded application that makes PACKETFANOUT setsockopt system calls...

7CVSS6.8AI score0.00296EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2017/02/18 12:0 a.m.•51 views

CVE-2017-5986

Race condition in the sctpwaitforsndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service assertion failure and panic via a multithreaded application that peels off an association in a certain buffer-full state...

7.1CVSS6.8AI score0.01162EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2016/12/30 7:59 p.m.•51 views

CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOT...

9.8CVSS7.2AI score0.98038EPSS
Exploits19References10
UbuntuCve
UbuntuCve
•added 2016/12/11 2:59 a.m.•51 views

CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8CVSS7.6AI score0.03189EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2016/12/09 8:59 p.m.•51 views

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

7.8CVSS7.2AI score0.08894EPSS
Exploits5References1
UbuntuCve
UbuntuCve
•added 2016/11/27 12:0 a.m.•51 views

CVE-2016-8633

drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets...

6.8CVSS7.2AI score0.01765EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2016/08/18 12:0 a.m.•51 views

CVE-2016-6828

The tcpchecksendhead function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service tcpxmitretransmitqueue use-after-free and system crash via a crafted SACK option...

5.5CVSS6.7AI score0.01181EPSS
Exploits5References10
UbuntuCve
UbuntuCve
•added 2016/07/25 12:0 a.m.•51 views

CVE-2016-6293

The ulocacceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode ICU through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service out-of-bounds read or...

9.8CVSS7.3AI score0.04957EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2016/07/18 2:0 p.m.•51 views

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

8.1CVSS6.7AI score0.55724EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2016/05/13 4:59 p.m.•51 views

CVE-2016-2860

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID...

6.5CVSS6.8AI score0.01501EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2016/05/05 12:0 a.m.•51 views

CVE-2016-3714

The 1 EPHEMERAL, 2 HTTPS, 3 MVG, 4 MSL, 5 TEXT, 6 SHOW, 7 WIN, and 8 PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."...

10CVSS7AI score0.97485EPSS
Exploits11References6
UbuntuCve
UbuntuCve
•added 2016/03/31 12:0 a.m.•51 views

CVE-2016-3142

The pharparsezipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and application crash by placing a PK\x05\x06 signature at an inval...

8.2CVSS7.2AI score0.05181EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2016/01/26 12:0 a.m.•51 views

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...

9.8CVSS7AI score0.08625EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/04/21 12:0 a.m.•51 views

CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

6.2CVSS6.8AI score0.00317EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2015/04/15 12:0 a.m.•51 views

CVE-2015-0477

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans...

4.3CVSS6.3AI score0.03307EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/02/17 3:59 p.m.•51 views

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

9.8CVSS7.6AI score0.99906EPSS
Exploits19References6
UbuntuCve
UbuntuCve
•added 2015/01/27 6:0 p.m.•51 views

CVE-2015-0235

Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...

10CVSS7.5AI score0.94859EPSS
Exploits29References4
UbuntuCve
UbuntuCve
•added 2015/01/09 12:0 a.m.•51 views

CVE-2014-9585

The vdsoaddr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD...

2.1CVSS6.8AI score0.00557EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2014/10/15 12:0 a.m.•51 views

CVE-2014-6558

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security...

2.6CVSS6.8AI score0.03137EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2014/07/16 12:0 a.m.•51 views

CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket...

6.9CVSS6.8AI score0.02103EPSS
Exploits6References11
Total number of security vulnerabilities5000