Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
added 2013/11/13 3:55 p.m.48 views

CVE-2013-6623

The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service out-of-bounds read by leveraging the use of tree order, rather than transitive dependency order, for layout...

4.3CVSS7.2AI score0.01448EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2013/10/16 12:0 a.m.48 views

CVE-2013-5780

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...

4.3CVSS6.8AI score0.03433EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2013/08/07 12:0 a.m.48 views

CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

4CVSS5.9AI score0.02087EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2013/04/13 2:59 a.m.48 views

CVE-2013-2596

Integer overflow in the fbmmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges,...

7.8CVSS7AI score0.03373EPSS
Exploits1References17
UbuntuCve
UbuntuCve
added 2013/02/28 12:0 a.m.48 views

CVE-2013-1774

The chaseport function in drivers/usb/serial/ioti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service NULL pointer dereference and system crash via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter...

4CVSS6.8AI score0.00388EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2013/02/01 12:0 a.m.48 views

CVE-2013-0441

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

10CVSS7.2AI score0.08087EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2013/01/13 10:55 p.m.48 views

CVE-2013-0156

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

7.5CVSS7.5AI score0.99449EPSS
Exploits21References3
UbuntuCve
UbuntuCve
added 2013/01/13 10:55 p.m.48 views

CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7.1AI score0.08245EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2012/10/05 12:0 a.m.48 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS5.9AI score0.01941EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/07/13 12:0 a.m.48 views

CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFYSOURCE format-string...

6.8CVSS7.1AI score0.03163EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2012/06/16 12:0 a.m.48 views

CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

4.3CVSS7.1AI score0.02727EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2012/06/04 12:0 a.m.48 views

CVE-2012-1667

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service daemon crash or data corruption or obta...

8.5CVSS6.9AI score0.13405EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2011/11/28 12:0 a.m.48 views

CVE-2011-4566

Integer overflow in the exifprocessIFDTAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offsetval value in an EXIF header in a JPEG file, a...

6.4CVSS7.4AI score0.06558EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2011/03/16 12:0 a.m.48 views

CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

6.8CVSS7.2AI score0.16334EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2010/12/29 12:0 a.m.48 views

CVE-2010-3859

Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipcmsgbuild function in net/tipc/msg.c and the verifyiovec function in...

6.9CVSS6.4AI score0.00397EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2010/09/21 12:0 a.m.48 views

CVE-2010-3067

Integer overflow in the doiosubmit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the iosubmit system call...

4.9CVSS6.3AI score0.00428EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2010/07/28 12:0 a.m.48 views

CVE-2010-1452

The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path...

5CVSS6.7AI score0.2187EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2010/04/01 10:30 p.m.48 views

CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

7.5CVSS5.9AI score0.0115EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2010/03/05 12:0 a.m.48 views

CVE-2010-0434

The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...

4.3CVSS7.2AI score0.18443EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2009/08/11 12:0 a.m.48 views

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

4.3CVSS6.7AI score0.03147EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2009/07/20 5:30 p.m.48 views

CVE-2009-1897

The tunchrpoll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a differen...

6.9CVSS5.9AI score0.01521EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2009/03/26 2:30 p.m.48 views

CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

9.8CVSS7.3AI score0.95438EPSS
Exploits16References2
UbuntuCve
UbuntuCve
added 2009/03/25 12:0 a.m.48 views

CVE-2009-1100

Multiple unspecified vulnerabilities in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service disk consumption via vectors related to temporary font files and 1 "limits on Font...

5CVSS6.3AI score0.03584EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2009/03/25 12:0 a.m.48 views

CVE-2009-1094

Unspecified vulnerability in the LDAP implementation in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier allows remote LDAP servers to execute arbitrary code via unknown vector...

10CVSS6.6AI score0.04389EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2008/10/20 5:59 p.m.48 views

CVE-2008-4609

The TCP implementation in 1 Linux, 2 platforms based on BSD Unix, 3 Microsoft Windows, 4 Cisco products, and probably other operating systems allows remote attackers to cause a denial of service connection queue exhaustion via multiple vectors that manipulate information in the TCP state table, a...

7.1CVSS7.2AI score0.32123EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2008/09/24 12:0 a.m.48 views

CVE-2008-4062

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related...

10CVSS6.2AI score0.04988EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2008/01/08 2:46 a.m.48 views

CVE-2008-0098

Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE...

10CVSS6.2AI score0.05531EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2007/12/04 12:46 a.m.48 views

CVE-2007-6206

The docoredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive informatio...

2.1CVSS5.9AI score0.00425EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2007/11/07 12:0 a.m.48 views

CVE-2007-5393

Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter...

9.3CVSS7AI score0.06408EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2005/10/27 10:2 a.m.48 views

CVE-2005-3319

The apache2handler SAPI sapiapache2.c in the Apache module modphp for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service segmentation fault via the session.savepath option in a .htaccess file or VirtualHost...

2.1CVSS5.9AI score0.00587EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2005/05/02 4:0 a.m.48 views

CVE-2005-0247

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via 1 a large number of variables in a SQL statement being handled by the readsqlconstruct function, 2 a large number of INTO variables in a SELECT statement being handled by the...

6.5CVSS6.4AI score0.03512EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/05/14 11:15 p.m.47 views

CVE-2025-46836

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...

6.6CVSS7.3AI score0.00165EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/02/20 5:15 p.m.47 views

CVE-2025-26310

Multiple memory leaks have been identified in the ABC file parsing functions parseABCCONSTANTPOOL and parseABCFILE in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted ABC file...

6.5CVSS5.8AI score0.00361EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2024/05/30 9:15 p.m.47 views

CVE-2024-1298

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability...

6CVSS6.8AI score0.00217EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/30 4:15 p.m.47 views

CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIOUNREGISTER ioctl, not a...

5.5CVSS6.4AI score0.00239EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2024/05/16 4:15 p.m.47 views

CVE-2024-4603

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.7AI score0.01131EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/14 6:15 p.m.47 views

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

8.8CVSS7.5AI score0.72648EPSS
Exploits15References10
UbuntuCve
UbuntuCve
added 2024/05/14 3:11 p.m.47 views

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.4AI score0.01571EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/05/14 3:5 p.m.47 views

CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

9.1CVSS7.8AI score0.86303EPSS
Exploits17References4
UbuntuCve
UbuntuCve
added 2024/05/07 9:15 p.m.47 views

CVE-2024-4030

On Windows a directory returned by tempfile.mkdtemp would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...

7.1CVSS6.8AI score0.00303EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/05/01 1:15 p.m.47 views

CVE-2024-4059

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.6AI score0.009EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2024/05/01 6:15 a.m.47 views

CVE-2024-26943

In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc allocation failure The kcalloc in nouveaudmemevictchunk will return null if the physical memory has run out. As a result, if we dereference srcpfns, dstpfns or dmaaddrs, the null pointer dereference...

5.5CVSS6.4AI score0.00225EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2024/05/01 6:15 a.m.47 views

CVE-2024-26960

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between freeswapandcache and swapoff There was previously a theoretical window where swapoff could run and teardown a swapinfostruct while a call to freeswapandcache was running in another thread. This could...

5.5CVSS6.4AI score0.00177EPSS
Exploits0References27
UbuntuCve
UbuntuCve
added 2024/04/16 10:15 p.m.47 views

CVE-2024-21094

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...

3.7CVSS6.8AI score0.00746EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2024/04/09 6:15 p.m.47 views

CVE-2024-24576

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...

10CVSS7.4AI score0.20342EPSS
Exploits10References9
UbuntuCve
UbuntuCve
added 2024/04/08 8:15 p.m.47 views

CVE-2024-23078

JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compareDouble, Double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerabilit...

9.1CVSS6.1AI score0.00647EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/04/04 12:0 a.m.47 views

CVE-2024-26783

In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeupkswapd with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been...

5.5CVSS6.2AI score0.00242EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/04/02 10:15 p.m.47 views

CVE-2024-3204

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. Th...

9.8CVSS6.8AI score0.01275EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2024/03/20 11:15 a.m.47 views

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/03/14 9:15 p.m.47 views

CVE-2024-1713

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...

7.2CVSS6AI score0.00548EPSS
Exploits1References2
Total number of security vulnerabilities5000