Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2018/03/26 12:0 a.m.•49 views

CVE-2018-1301

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode both log and build level...

5.9CVSS6.8AI score0.15564EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/02/23 12:0 a.m.•49 views

CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

6.5CVSS6.7AI score0.14737EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2018/01/18 8:29 p.m.•49 views

CVE-2017-3158

A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end o...

8.1CVSS7.1AI score0.01221EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/12/08 3:29 p.m.•49 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

9CVSS7.4AI score0.19901EPSS
Exploits8References3
UbuntuCve
UbuntuCve
•added 2017/12/07 12:0 a.m.•49 views

CVE-2017-15412

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.02963EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2017/11/14 8:29 p.m.•49 views

CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

10CVSS7.2AI score0.99838EPSS
Exploits21References3
UbuntuCve
UbuntuCve
•added 2017/10/19 12:0 a.m.•49 views

CVE-2017-10388

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

7.5CVSS6.8AI score0.03206EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/10/18 12:0 a.m.•49 views

CVE-2017-10378

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

6.5CVSS6.9AI score0.03237EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/09/12 1:0 p.m.•49 views

CVE-2017-1000251

The native Bluetooth stack in the Linux Kernel BlueZ, starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space...

8CVSS7.3AI score0.16181EPSS
Exploits12References10
UbuntuCve
UbuntuCve
•added 2017/08/23 3:29 a.m.•49 views

CVE-2017-13133

In ImageMagick 7.0.6-8, the loadlevel function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service loadtile memory exhaustion via a crafted file...

7.1CVSS6.9AI score0.01632EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2017/07/20 12:29 a.m.•49 views

CVE-2017-9765

Integer overflow in the soapget function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service stack-based buffer overflow and application crash via a large XML document, aka Devil'...

8.1CVSS7.8AI score0.21894EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2017/07/17 1:18 p.m.•49 views

CVE-2017-1000061

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...

7.1CVSS6.8AI score0.01341EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/07/13 12:0 a.m.•49 views

CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale...

9.1CVSS6.8AI score0.5677EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2017/06/19 3:0 p.m.•49 views

CVE-2017-1000370

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...

7.8CVSS6.7AI score0.02253EPSS
Exploits6References2
UbuntuCve
UbuntuCve
•added 2017/06/12 12:0 a.m.•49 views

CVE-2015-9096

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

6.1CVSS6.8AI score0.03675EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2017/03/13 6:59 a.m.•49 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

9.8CVSS6.8AI score0.07501EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/03/02 1:59 a.m.•49 views

CVE-2016-10228

The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service...

5.9CVSS6.5AI score0.04006EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/03/01 8:59 p.m.•49 views

CVE-2017-6353

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service invalid unlock and double free via a multithreaded application. NOTE: this vulnerability exists because...

5.5CVSS6.8AI score0.00374EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/02/01 12:0 a.m.•49 views

CVE-2017-2615

Quick emulator QEMU built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or...

9.1CVSS7.2AI score0.03648EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/01/24 12:0 a.m.•49 views

CVE-2016-10158

The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service application crash via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1...

7.5CVSS7.2AI score0.07827EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/01/24 12:0 a.m.•49 views

CVE-2016-10159

Integer overflow in the pharparsepharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service memory consumption or application crash via a truncated manifest entry in a PHAR archive...

7.5CVSS6.9AI score0.07681EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/01/20 12:0 a.m.•49 views

CVE-2016-5318

Stack-based buffer overflow in the TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff...

6.5CVSS7.2AI score0.04837EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2016/12/09 11:59 a.m.•49 views

CVE-2016-8858

The kexinputkexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service memory consumption by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."...

7.8CVSS7.1AI score0.29462EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2016/11/30 12:0 a.m.•49 views

CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

8.8CVSS7AI score0.01884EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2016/10/07 2:59 p.m.•49 views

CVE-2015-2080

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak...

7.5CVSS7.2AI score0.74881EPSS
Exploits16References4
UbuntuCve
UbuntuCve
•added 2016/07/06 2:59 p.m.•49 views

CVE-2016-4979

The Apache HTTP Server 2.4.18 through 2.4.20, when modhttp2 and modssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...

7.5CVSS7.2AI score0.18802EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2016/06/27 12:0 a.m.•49 views

CVE-2016-5829

Multiple heap-based buffer overflows in the hiddevioctlusage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted 1 HIDIOCGUSAGES or 2 HIDIOCSUSAGES ioctl call...

7.8CVSS6.9AI score0.00458EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2016/05/16 10:59 a.m.•49 views

CVE-2015-4642

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system functio...

10CVSS7.5AI score0.05999EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2016/05/06 12:0 a.m.•49 views

CVE-2016-4537

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call...

9.8CVSS7.2AI score0.05873EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2016/04/29 12:0 a.m.•49 views

CVE-2016-4343

The pharmakedirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service uninitialized pointer dereference or possibly have unspecified other impact via a crafted TAR archi...

8.8CVSS7.2AI score0.0421EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2016/04/21 12:0 a.m.•49 views

CVE-2016-3426

Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE...

4.3CVSS6.8AI score0.02795EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/10/19 12:0 a.m.•49 views

CVE-2015-7833

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux RHEL 7.1 allows physically proximate attackers to cause a denial of service panic via a nonzero bInterfaceNumber value in a USB device descriptor...

4.9CVSS6.7AI score0.00675EPSS
Exploits1References13
UbuntuCve
UbuntuCve
•added 2015/08/27 12:0 a.m.•49 views

CVE-2015-6831

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving 1 ArrayObject, 2 SplObjectStorage, and 3 SplDoublyLinkedList, which are mishandled during unserialization...

7.5CVSS7.2AI score0.07057EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/07/08 2:59 p.m.•49 views

CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...

10CVSS7.7AI score0.99344EPSS
Exploits6References7
UbuntuCve
UbuntuCve
•added 2015/06/18 12:0 a.m.•49 views

CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service application crash or possibly execute...

7.5CVSS7.1AI score0.0739EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2015/02/03 12:0 a.m.•49 views

CVE-2014-5352

The krb5gssprocesscontexttoken function in lib/gssapi/krb5/processcontexttoken.c in the libgssapikrb5 library in MIT Kerberos 5 aka krb5 through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to...

9CVSS7AI score0.06213EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/06/25 12:0 a.m.•49 views

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

9.8CVSS7AI score0.247EPSS
Exploits5References3
UbuntuCve
UbuntuCve
•added 2014/06/23 12:0 a.m.•49 views

CVE-2014-4171

mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service imutex hold by using the mmap system call to access a hole, as demonstrated by interfering with intended...

4.7CVSS6.8AI score0.0044EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2014/06/05 12:0 p.m.•49 views

CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

7.4CVSS7AI score0.95326EPSS
Exploits9References3
UbuntuCve
UbuntuCve
•added 2014/06/05 12:0 a.m.•49 views

CVE-2014-3153

The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification...

7.8CVSS6.7AI score0.37233EPSS
Exploits15References12
UbuntuCve
UbuntuCve
•added 2014/04/29 12:0 a.m.•49 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of...

9.8CVSS7.3AI score0.07543EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2014/03/18 12:0 a.m.•49 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...

7.5CVSS6.9AI score0.04002EPSS
Exploits3References4
UbuntuCve
UbuntuCve
•added 2013/12/07 12:55 a.m.•49 views

CVE-2013-6414

actionpack/lib/actionview/lookupcontext.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service memory consumption via a header containing an invalid MIME type that leads to excessive caching...

5CVSS5.9AI score0.207EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2013/11/29 4:33 a.m.•49 views

CVE-2013-6885

The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service system hang via a crafted application, aka the errata 793 issue...

4.7CVSS6.8AI score0.00588EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2013/09/18 12:0 a.m.•49 views

CVE-2013-1066

language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1...

4.6CVSS5.9AI score0.00375EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/08/20 10:55 p.m.•49 views

CVE-2013-4962

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors...

5.8CVSS5.9AI score0.01226EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/07/19 2:36 p.m.•49 views

CVE-2012-3414

Cross-site scripting XSS vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...

4.3CVSS5.9AI score0.09088EPSS
Exploits10References2
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•49 views

CVE-2013-2443

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different...

5CVSS6.9AI score0.04586EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•49 views

CVE-2013-2473

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS6.9AI score0.07437EPSS
Exploits4References6
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•49 views

CVE-2013-2453

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented ...

5CVSS6.9AI score0.04552EPSS
Exploits0References6
Total number of security vulnerabilities5000