Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2018/04/16 9:58 a.m.•50 views

CVE-2014-1686

MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation...

5.3CVSS6.1AI score0.02117EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2018/01/29 12:0 a.m.•50 views

CVE-2017-18079

drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact because the port-exists value can change after it is validated...

7.8CVSS6.8AI score0.00418EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/01/16 7:29 p.m.•50 views

CVE-2014-6071

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to use of the text method inside after...

6.1CVSS6.7AI score0.02338EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2018/01/16 12:0 a.m.•50 views

CVE-2018-5711

gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

5.5CVSS6.8AI score0.13204EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2018/01/03 10:0 p.m.•50 views

CVE-2017-5754

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache...

5.6CVSS6.9AI score0.84172EPSS
Exploits3References25
UbuntuCve
UbuntuCve
•added 2017/08/18 9:29 p.m.•50 views

CVE-2017-12963

There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix available from GitHub after 2017-07-24...

7.5CVSS7.1AI score0.01225EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2017/07/24 7:29 a.m.•50 views

CVE-2017-11600

net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users to cause a denial of service out-of-bounds access or possibly have unspecified other impact via an...

7CVSS6.8AI score0.00406EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/07/20 12:0 a.m.•50 views

CVE-2017-10078

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Scripting. The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

8.1CVSS6.8AI score0.02402EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/05/04 7:29 p.m.•50 views

CVE-2017-3730

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...

7.5CVSS7.1AI score0.55294EPSS
Exploits5References2
UbuntuCve
UbuntuCve
•added 2017/04/17 12:0 a.m.•50 views

CVE-2017-5648

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was...

9.1CVSS7.1AI score0.13225EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/03/27 5:59 p.m.•50 views

CVE-2017-7272

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...

7.4CVSS7.1AI score0.03514EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2017/02/18 12:0 a.m.•50 views

CVE-2017-5986

Race condition in the sctpwaitforsndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service assertion failure and panic via a multithreaded application that peels off an association in a certain buffer-full state...

7.1CVSS6.8AI score0.01162EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2017/02/09 12:0 a.m.•50 views

CVE-2016-2148

Heap-based buffer overflow in the DHCP client udhcpc in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION6RD parsing...

9.8CVSS7.1AI score0.28429EPSS
Exploits4References2
UbuntuCve
UbuntuCve
•added 2016/12/30 7:59 p.m.•50 views

CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOT...

9.8CVSS7.2AI score0.98038EPSS
Exploits19References10
UbuntuCve
UbuntuCve
•added 2016/11/27 12:0 a.m.•50 views

CVE-2016-8633

drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets...

6.8CVSS7.2AI score0.01765EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2016/10/10 4:59 p.m.•50 views

CVE-2016-5325

CRLF injection vulnerability in the ServerResponsewriteHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

6.1CVSS6.9AI score0.04093EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2016/08/18 12:0 a.m.•50 views

CVE-2016-6828

The tcpchecksendhead function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service tcpxmitretransmitqueue use-after-free and system crash via a crafted SACK option...

5.5CVSS6.7AI score0.01181EPSS
Exploits5References10
UbuntuCve
UbuntuCve
•added 2016/08/06 8:59 p.m.•50 views

CVE-2016-6198

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service system crash via a rename system call, related to fs/namei.c and fs/open.c...

5.5CVSS6.8AI score0.00613EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2016/08/06 12:0 a.m.•50 views

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

4.7CVSS6.7AI score0.00267EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2016/07/03 1:59 a.m.•50 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8CVSS7.4AI score0.81373EPSS
Exploits8References2
UbuntuCve
UbuntuCve
•added 2016/06/27 12:0 a.m.•50 views

CVE-2016-4470

The keyrejectandlink function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service system crash via vectors involving a crafted keyctl request2 command...

5.5CVSS6.8AI score0.00582EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2016/05/12 12:0 a.m.•50 views

CVE-2016-0758

Integer overflow in lib/asn1decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data...

7.8CVSS6.8AI score0.00397EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2016/03/31 12:0 a.m.•50 views

CVE-2016-3142

The pharparsezipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and application crash by placing a PK\x05\x06 signature at an inval...

8.2CVSS7.2AI score0.05181EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/06/11 12:0 a.m.•50 views

CVE-2015-1792

The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service infinite loop via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...

5CVSS7.2AI score0.22476EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/06/03 12:0 a.m.•50 views

CVE-2015-1805

The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or possibly gain privileges via a...

7.2CVSS7AI score0.01395EPSS
Exploits3References7
UbuntuCve
UbuntuCve
•added 2015/02/23 12:0 a.m.•50 views

CVE-2015-0273

Multiple use-after-free vulnerabilities in ext/date/phpdate.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a 1 R or 2 r type specifier in a DateTimeZone data handled by the...

7.5CVSS7.1AI score0.42911EPSS
Exploits9References3
UbuntuCve
UbuntuCve
•added 2015/01/27 6:0 p.m.•50 views

CVE-2015-0235

Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...

10CVSS7.5AI score0.94859EPSS
Exploits29References4
UbuntuCve
UbuntuCve
•added 2014/11/17 4:59 p.m.•50 views

CVE-2014-3629

XML external entity XXE vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message...

4.3CVSS6AI score0.06918EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2014/07/16 12:0 a.m.•50 views

CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket...

6.9CVSS6.8AI score0.02103EPSS
Exploits6References11
UbuntuCve
UbuntuCve
•added 2014/03/24 12:0 a.m.•50 views

CVE-2014-0131

Use-after-free vulnerability in the skbsegment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation...

2.9CVSS6.5AI score0.00675EPSS
Exploits2References13
UbuntuCve
UbuntuCve
•added 2014/03/24 12:0 a.m.•50 views

CVE-2014-2284

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors...

5CVSS7.2AI score0.04432EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/03/18 12:0 a.m.•50 views

CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8CVSS7.2AI score0.82339EPSS
Exploits5References4
UbuntuCve
UbuntuCve
•added 2014/02/10 6:15 p.m.•50 views

CVE-2013-4736

Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allow attackers to cause a denial of service system crash via a large number of...

7.8CVSS5.9AI score0.01329EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2014/01/19 6:2 p.m.•50 views

CVE-2013-2185

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...

7.5CVSS6.9AI score0.07199EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/10/10 12:55 a.m.•50 views

CVE-2013-4271

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...

7.5CVSS6.2AI score0.02832EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/09/18 12:0 a.m.•50 views

CVE-2013-1063

usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1...

4.6CVSS5.9AI score0.00373EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/07/20 3:37 a.m.•50 views

CVE-2013-2251

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 1 action:, 2 redirect:, or 3 redirectAction: prefix...

9.8CVSS7AI score0.99998EPSS
Exploits18References3
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•50 views

CVE-2013-2407

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information...

6.4CVSS6.9AI score0.05166EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2013/04/22 12:0 a.m.•50 views

CVE-2013-3224

The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS6.5AI score0.00392EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2013/03/15 8:55 p.m.•50 views

CVE-2012-6543

The l2tpip6getname function in net/l2tp/l2tpip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

1.9CVSS5.9AI score0.00361EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2013/02/26 12:0 a.m.•50 views

CVE-2012-4558

Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...

4.3CVSS6AI score0.22913EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2012/12/17 12:0 a.m.•50 views

CVE-2012-0962

Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle MITM attack...

4.3CVSS5.9AI score0.018EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2012/11/28 1:3 p.m.•50 views

CVE-2012-2739

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an...

5CVSS6.8AI score0.0317EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2012/10/26 12:0 a.m.•50 views

CVE-2012-4195

The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easie...

4.3CVSS7.2AI score0.01902EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2012/04/10 12:0 a.m.•50 views

CVE-2012-1182

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...

10CVSS7.6AI score0.74034EPSS
Exploits9References3
UbuntuCve
UbuntuCve
•added 2011/11/16 12:0 a.m.•50 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3CVSS6.8AI score0.73327EPSS
Exploits4References3
UbuntuCve
UbuntuCve
•added 2011/09/28 12:0 a.m.•50 views

CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...

4.3CVSS7.2AI score0.02018EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2011/09/23 11:55 p.m.•50 views

CVE-2011-3730

Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files...

5CVSS7.1AI score0.01644EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2011/07/21 11:55 p.m.•50 views

CVE-2011-0255

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1...

9.3CVSS7.4AI score0.03923EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2011/06/24 12:0 a.m.•50 views

CVE-2011-2484

The adddellistener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service memory and CPU consumption, and bypass the OOM Killer, via a crafted application...

4.9CVSS7.1AI score0.00388EPSS
Exploits1References14
Total number of security vulnerabilities5000