Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2013/04/17 12:0 a.m.•49 views

CVE-2013-2436

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 a...

9.3CVSS6.8AI score0.05691EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2013/03/18 12:0 a.m.•49 views

CVE-2013-1796

The kvmsetmsrcommon function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required timepage alignment during an MSRKVMSYSTEMTIME operation, which allows guest OS users to cause a denial of service buffer overflow and host OS memory corruption or possibly have...

6.8CVSS6.9AI score0.00946EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2013/01/30 12:0 a.m.•49 views

CVE-2011-4969

Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

4.3CVSS6.9AI score0.19191EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2012/11/26 11:55 p.m.•49 views

CVE-2010-5284

Multiple cross-site scripting XSS vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the 1 User parameter in the edit user profile feature to manageuser.php, 2 y parameter in a newcal action to manageajax.php, and the 3 pic parameter to thumb.php...

4.3CVSS5.9AI score0.01978EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2012/09/04 8:55 p.m.•49 views

CVE-2012-1605

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument." To our knowledge it is neither...

5CVSS6.2AI score0.02365EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2012/08/29 12:0 a.m.•49 views

CVE-2012-3969

Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that...

9.3CVSS7.6AI score0.04805EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2012/08/10 10:34 a.m.•49 views

CVE-2012-3464

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...

4.3CVSS7.2AI score0.02568EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2012/08/10 12:0 a.m.•49 views

CVE-2012-3412

The sfc aka Solarflare Solarstorm driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service DMA descriptor consumption and network-controller outage via crafted TCP packets that trigger a small MSS value...

7.8CVSS6.9AI score0.06158EPSS
Exploits1References13
UbuntuCve
UbuntuCve
•added 2012/07/25 12:0 a.m.•49 views

CVE-2012-3571

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier...

6.1CVSS6.6AI score0.12985EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2012/05/04 12:0 a.m.•49 views

CVE-2012-2311

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that contain a %3D sequence but no = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options i...

7.5CVSS7.6AI score0.69559EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2012/03/21 12:0 a.m.•49 views

CVE-2012-1458

The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the...

4.3CVSS5.9AI score0.73738EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2012/01/27 12:0 a.m.•49 views

CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...

4.3CVSS6.8AI score0.82756EPSS
Exploits4References4
UbuntuCve
UbuntuCve
•added 2012/01/19 12:0 a.m.•49 views

CVE-2012-0035

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file...

9.3CVSS7.1AI score0.02723EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2011/12/21 4:2 a.m.•49 views

CVE-2011-3666

Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for...

6.8CVSS5.8AI score0.01035EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2011/11/29 12:0 a.m.•49 views

CVE-2011-4317

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

4.3CVSS7AI score0.59603EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2011/10/29 12:0 a.m.•49 views

CVE-2011-4077

Buffer overflow in the xfsreadlink function in fs/xfs/xfsvnodeops.c in XFS in the Linux kernel 2.6, when CONFIGXFSDEBUG is disabled, allows local users to cause a denial of service memory corruption and crash and possibly execute arbitrary code via an XFS image containing a symbolic link with a...

6.9CVSS6.2AI score0.00556EPSS
Exploits1References17
UbuntuCve
UbuntuCve
•added 2011/10/19 12:0 a.m.•49 views

CVE-2011-3556

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

7.5CVSS7.2AI score0.76245EPSS
Exploits5References2
UbuntuCve
UbuntuCve
•added 2011/09/06 3:55 p.m.•49 views

CVE-2010-4833

Untrusted search path vulnerability in modules/engines/ms-windows/xptheme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831...

9.3CVSS5.9AI score0.02263EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2011/05/09 12:0 a.m.•49 views

CVE-2011-1745

Integer overflow in the agpgenericinsertmemory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service system crash via a crafted AGPIOCBIND agpioctl ioctl call...

6.9CVSS7.1AI score0.00381EPSS
Exploits1References12
UbuntuCve
UbuntuCve
•added 2011/03/02 12:0 a.m.•49 views

CVE-2011-0053

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code...

10CVSS7.3AI score0.05787EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2010/10/05 12:0 a.m.•49 views

CVE-2010-3433

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...

6CVSS7.3AI score0.03331EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2010/09/08 12:0 a.m.•49 views

CVE-2010-2798

The gfs2direntfindspace function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service NULL pointer dereference and panic and possibly have unspecified other...

7.8CVSS6.3AI score0.00414EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2010/06/16 8:30 p.m.•49 views

CVE-2010-2074

istream.c in w3m 0.5.2 and possibly other versions, when sslverifyserver is enabled, does not properly handle a '\0' character in a domain name in the 1 subject's Common Name or 2 Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary S...

6.8CVSS6.9AI score0.01491EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2010/05/07 12:0 a.m.•49 views

CVE-2010-1173

The sctpprocessunkparam function in net/sctp/smmakechunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service system crash via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data...

7.1CVSS6.1AI score0.21238EPSS
Exploits7References2
UbuntuCve
UbuntuCve
•added 2010/04/05 12:0 a.m.•49 views

CVE-2010-0177

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of servi...

9.3CVSS7.6AI score0.06995EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2010/02/18 6:0 p.m.•49 views

CVE-2010-0663

The ParamTraits::Read function in common/commonparamtraits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data,...

5CVSS5.9AI score0.01006EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2008/08/14 12:0 a.m.•49 views

CVE-2008-3658

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...

7.5CVSS7.3AI score0.06847EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2008/06/19 9:41 p.m.•49 views

CVE-2008-2786

Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes...

10CVSS5.9AI score0.01376EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/12/04 12:46 a.m.•49 views

CVE-2007-6206

The docoredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive informatio...

2.1CVSS5.9AI score0.00425EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2007/05/16 10:30 p.m.•49 views

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

2.6CVSS6.1AI score0.0186EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/03/28 12:19 a.m.•49 views

CVE-2007-1717

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...

5CVSS5.9AI score0.0465EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2007/02/26 8:28 p.m.•49 views

CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote...

6.8CVSS7.8AI score0.5036EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2006/11/21 11:7 p.m.•49 views

CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...

6.5CVSS5.9AI score0.0226EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2005/01/10 5:0 a.m.•49 views

CVE-2004-1268

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors...

2.1CVSS5.9AI score0.00454EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/05/14 11:15 p.m.•48 views

CVE-2025-46836

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...

6.6CVSS7.3AI score0.00165EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2024/08/30 3:15 a.m.•48 views

CVE-2024-45491

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...

9.8CVSS6.9AI score0.0113EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2024/07/09 2:15 a.m.•48 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5CVSS6.8AI score0.01104EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2024/07/05 12:0 a.m.•48 views

CVE-2024-34481

drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...

6.1CVSS5.8AI score0.00625EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2024/07/01 7:15 p.m.•48 views

CVE-2024-38473

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2024/06/27 9:15 p.m.•48 views

CVE-2024-5642

CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due to NPN being...

6.5CVSS6.9AI score0.00744EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2024/05/19 9:15 a.m.•48 views

CVE-2024-35860

In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpflink dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and...

5.5CVSS5.9AI score0.00225EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2024/05/15 6:15 p.m.•48 views

CVE-2024-25743

In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES...

7.1CVSS6.7AI score0.00245EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2024/05/03 8:15 a.m.•48 views

CVE-2024-33918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.This issue affects AJAX Login and Registration modal popup + inline form: from n/a through 2.23...

5.9CVSS5.9AI score0.00359EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/05/03 6:15 a.m.•48 views

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

7.2CVSS7.2AI score0.70822EPSS
Exploits4References7
UbuntuCve
UbuntuCve
•added 2024/04/18 10:15 a.m.•48 views

CVE-2024-26921

In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass skb-sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...

5.5CVSS6.5AI score0.0038EPSS
Exploits1References22
UbuntuCve
UbuntuCve
•added 2024/04/11 9:15 p.m.•48 views

CVE-2024-28458

Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c...

7.5CVSS5.9AI score0.00706EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2024/04/09 6:15 p.m.•48 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8CVSS7AI score0.01254EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2024/03/26 12:0 a.m.•48 views

CVE-2024-42950

Notes Author| Note ---|--- jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQwebkit webkit in Ubuntu uses the JavaScriptCore JSC engine, not V8 mdeslaur | It is no longer possible to build new webkit2gtk versions on focal and earlier. Marking as...

7.2AI score0.00553EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2024/03/12 12:0 a.m.•48 views

CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some IntelR AtomR Processors may allow an authenticated user to potentially enable information disclosure via local access...

6.5CVSS6.8AI score0.00546EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2024/03/11 6:15 p.m.•48 views

CVE-2023-52489

In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memorysection-usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that ZONENORMAL ZONEDEVICE ZONENORMAL...

4.7CVSS6.3AI score0.00294EPSS
Exploits1References21
Total number of security vulnerabilities5000