Lucene search
+L
UbuntucveMost viewed

69832 matches found

ubuntucve
ubuntucve
added 2023/06/13 12:0 a.m.209 views

CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...

3.9CVSS6.5AI score0.13638EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2017/06/27 5:29 p.m.207 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

9.8CVSS7.5AI score0.99999EPSS
Exploits19References6
ubuntucve
ubuntucve
added 2024/01/19 6:15 p.m.205 views

CVE-2024-22915

A heap-use-after-free was found in SWFTools v0.9.2, in the function swfDeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution...

7.8CVSS7AI score0.00376EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2017/06/19 3:0 p.m.203 views

CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LDLIBRARYPATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

7.8CVSS7.2AI score0.02733EPSS
Exploits14References3
ubuntucve
ubuntucve
added 2023/06/15 6:15 p.m.202 views

CVE-2023-34455

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function hasNextChunk in the fileSnappyInputStream.java checks if a given stream has more chunks to read. It does...

7.5CVSS6.9AI score0.01762EPSS
Exploits1References5
ubuntucve
ubuntucve
added 2024/01/31 1:15 p.m.200 views

CVE-2024-1085

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftsetelemcatchalldeactivate function checks whether the catch-all set element is active in the current generation instead of the next generation before...

7.8CVSS6.7AI score0.00284EPSS
Exploits0References14
ubuntucve
ubuntucve
added 2022/03/23 8:15 p.m.200 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2023/06/25 10:15 p.m.199 views

CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix...

7.8CVSS7.2AI score0.03236EPSS
Exploits4References2
ubuntucve
ubuntucve
added 2023/01/13 12:0 a.m.199 views

CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution...

7.8CVSS7.1AI score0.01944EPSS
Exploits5References16
ubuntucve
ubuntucve
added 2022/02/08 12:0 a.m.199 views

CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...

7.8CVSS6.9AI score0.05528EPSS
Exploits12References11
ubuntucve
ubuntucve
added 2022/11/01 11:15 p.m.198 views

CVE-2022-3723

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.0675EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2023/10/23 7:15 a.m.196 views

CVE-2023-45802

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

5.9CVSS6.8AI score0.03024EPSS
Exploits1References6
ubuntucve
ubuntucve
added 2021/12/20 12:0 a.m.196 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

9.8CVSS7.5AI score0.97108EPSS
Exploits4References4
ubuntucve
ubuntucve
added 2013/03/06 12:0 a.m.195 views

CVE-2013-1048

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...

4.6CVSS5.9AI score0.00378EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2024/01/19 6:15 p.m.194 views

CVE-2024-22912

A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution...

7.8CVSS7AI score0.00357EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2023/05/17 9:15 a.m.191 views

CVE-2023-2745

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such ...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
ubuntucve
ubuntucve
added 2022/09/28 2:15 p.m.191 views

CVE-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...

3.7CVSS6.8AI score0.01912EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2019/06/05 5:29 a.m.191 views

CVE-2019-12616

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potential...

6.5CVSS6.9AI score0.19184EPSS
Exploits4References6
ubuntucve
ubuntucve
added 2024/01/27 7:15 a.m.190 views

CVE-2024-22861

Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service DoS via the avcodec/osq module...

7.5CVSS7.1AI score0.00608EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2019/11/20 12:0 a.m.190 views

CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

8.1CVSS6.7AI score0.04187EPSS
Exploits1References3
ubuntucve
ubuntucve
added 2021/08/31 5:15 p.m.188 views

CVE-2021-37712

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...

8.6CVSS7AI score0.0185EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2023/12/20 12:0 a.m.184 views

CVE-2023-51385

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or...

6.5CVSS6.8AI score0.19753EPSS
Exploits8References6
ubuntucve
ubuntucve
added 2017/06/06 12:0 a.m.184 views

CVE-2017-5664

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...

7.5CVSS7.1AI score0.16567EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2023/12/24 7:15 a.m.183 views

CVE-2023-51767

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

7CVSS6.8AI score0.00661EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2022/01/10 9:15 p.m.182 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.8AI score0.03897EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2022/11/23 3:15 p.m.181 views

CVE-2022-42896

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may allow code execution and leaking kernel memory respectively remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via...

8.8CVSS7.3AI score0.02014EPSS
Exploits0References26
ubuntucve
ubuntucve
added 2022/01/24 3:15 p.m.181 views

CVE-2022-23437

There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present withi...

7.1CVSS6.8AI score0.0444EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2024/08/13 5:15 p.m.180 views

CVE-2023-20584

IOMMU improperly handles certain special address ranges with invalid device table entries DTEs, which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity...

6CVSS6.6AI score0.00174EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2024/02/09 11:15 p.m.180 views

CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

5.9CVSS6.1AI score0.00539EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2022/06/18 9:15 p.m.178 views

CVE-2022-33987

The got package before 12.1.0 also fixed in 11.8.5 for Node.js allows a redirect to a UNIX socket...

5.3CVSS6.8AI score0.01855EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2023/05/31 8:15 p.m.176 views

CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4groupdesccsum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend again...

5.5CVSS6.5AI score0.00247EPSS
Exploits0References11
ubuntucve
ubuntucve
added 2023/01/30 2:15 p.m.173 views

CVE-2023-0266

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past...

7.9CVSS7AI score0.03702EPSS
Exploits0References23
ubuntucve
ubuntucve
added 2023/06/15 5:15 p.m.172 views

CVE-2023-34454

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function compresschar input in the file Snappy.java receives an array of characters and compresses it. I...

7.5CVSS6.8AI score0.01469EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2024/07/24 5:15 p.m.171 views

CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

9.9CVSS6.9AI score0.16496EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2023/05/02 8:15 p.m.171 views

CVE-2023-30943

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system...

6.5CVSS6.3AI score0.06583EPSS
Exploits3References4
ubuntucve
ubuntucve
added 2021/12/10 12:0 a.m.171 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message...

10CVSS7.2AI score0.99999EPSS
Exploits354References10
ubuntucve
ubuntucve
added 2020/07/14 3:15 p.m.170 views

CVE-2020-13934

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...

7.5CVSS7.1AI score0.64124EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2023/07/05 9:15 p.m.169 views

CVE-2023-35936

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

6.1CVSS6.3AI score0.00368EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2020/11/02 12:0 a.m.169 views

CVE-2020-28035

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC...

9.8CVSS7.2AI score0.04204EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2017/07/23 3:29 a.m.169 views

CVE-2017-11524

The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service assertion failure and application exit via a crafted file...

6.5CVSS7AI score0.03183EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2023/06/07 8:15 p.m.168 views

CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function asciidecode at /Objects/unicodeobject.c...

5.5CVSS6.1AI score0.0037EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2022/12/23 4:15 p.m.168 views

CVE-2022-47939

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2TREEDISCONNECT...

9.8CVSS6.8AI score0.46428EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2021/08/03 7:15 p.m.167 views

CVE-2021-30563

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7AI score0.08928EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2014/09/30 12:0 a.m.167 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

10CVSS7.5AI score0.99621EPSS
Exploits31References6
ubuntucve
ubuntucve
added 2010/12/06 10:30 p.m.167 views

CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...

9.8CVSS6.8AI score0.04242EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2024/12/04 5:15 a.m.162 views

CVE-2024-54661

readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file...

9.8CVSS6.8AI score0.008EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2022/08/11 3:15 p.m.162 views

CVE-2022-20368

Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel...

7.8CVSS6.6AI score0.00126EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2024/01/31 1:15 p.m.161 views

CVE-2024-1086

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop error within the hook verdict, and hence the nfhookslow function can cause a double free...

7.8CVSS6.9AI score0.28058EPSS
Exploits16References24
ubuntucve
ubuntucve
added 2023/09/06 2:15 p.m.161 views

CVE-2023-4207

A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. When fwchange is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a problem when updati...

7.8CVSS6.7AI score0.00301EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2022/02/01 12:0 a.m.161 views

CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

7.8CVSS7.3AI score0.0072EPSS
Exploits1References4
Total number of security vulnerabilities5000