Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2020/10/21 3:15 p.m.•47 views

CVE-2020-14779

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS6.7AI score0.03758EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/10/20 12:0 a.m.•47 views

CVE-2020-15999

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

9.6CVSS7.3AI score0.5063EPSS
Exploits2References7
UbuntuCve
UbuntuCve
•added 2020/10/02 1:15 p.m.•47 views

CVE-2020-18184

In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

7.2CVSS7.2AI score0.01438EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2020/09/30 6:15 p.m.•47 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

7.5CVSS6.8AI score0.02158EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/09/23 10:15 p.m.•47 views

CVE-2020-25599

An issue was discovered in Xen through 4.14.x. There are evtchnreset race conditions. Uses of EVTCHNOPreset potentially by a guest on itself or XENDOMCTLsoftreset by itself covered by XSA-77 can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses ...

7CVSS6.7AI score0.00286EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/09/15 7:15 p.m.•47 views

CVE-2020-14331

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VTRESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the...

7.2CVSS6.7AI score0.00563EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2020/09/10 5:15 p.m.•47 views

CVE-2020-10773

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmmtimeout file. This flaw allows a local user to see the kernel data...

4.4CVSS6.7AI score0.00366EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/08/31 4:15 a.m.•47 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8CVSS7.1AI score0.00544EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2020/08/18 5:15 p.m.•47 views

CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

8.8CVSS7.2AI score0.0109EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2020/07/13 5:15 p.m.•47 views

CVE-2019-19338

A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is no...

5.5CVSS6.8AI score0.00457EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/06/20 1:15 p.m.•47 views

CVE-2020-14933

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as wakeup or destruct, and any...

8.8CVSS7.2AI score0.01415EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/05/27 12:15 a.m.•47 views

CVE-2020-13622

JerryScript 2.2.0 allows attackers to cause a denial of service assertion failure because a property key query for a Proxy object returns unintended data...

7.5CVSS7.1AI score0.01252EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/05/05 6:15 a.m.•47 views

CVE-2020-12653

An issue was found in Linux kernel before 5.5.4. The mwifiexcmdappendvsietlv function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea...

7.8CVSS6.7AI score0.00435EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2020/04/15 2:15 p.m.•47 views

CVE-2020-2812

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4.9CVSS6.6AI score0.02981EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/04/01 6:15 p.m.•47 views

CVE-2020-3897

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution...

9.3CVSS6.9AI score0.04369EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2020/03/31 5:15 a.m.•47 views

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime aka openjpa...

8.8CVSS7.1AI score0.06278EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/03/25 4:15 p.m.•47 views

CVE-2020-1957

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8CVSS7.2AI score0.24163EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2020/03/02 4:15 a.m.•47 views

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

9.8CVSS7.1AI score0.18345EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/02/11 12:0 a.m.•47 views

CVE-2020-6798

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

6.1CVSS7AI score0.02056EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2019/12/31 12:15 a.m.•47 views

CVE-2019-20160

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1parsetilegroup in mediatools/avparsers.c...

5.5CVSS6.4AI score0.007EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/12/23 3:15 a.m.•47 views

CVE-2019-11049

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations...

9.8CVSS7.1AI score0.04371EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/12/10 6:0 p.m.•47 views

CVE-2019-1349

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387...

9.3CVSS7.7AI score0.34007EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/12/08 1:15 a.m.•47 views

CVE-2019-19447

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4putsuper in fs/ext4/super.c, related to dumporphanlist in fs/ext4/super.c...

7.8CVSS6.8AI score0.03539EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2019/12/03 10:15 p.m.•47 views

CVE-2016-1000104

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in modfcgid through 2016-07-07...

8.8CVSS6.8AI score0.02228EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/11/25 3:0 p.m.•47 views

CVE-2019-14896

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service system crash or, possibly execute arbitrary code, when the lbsibssjoinexisting function is called after a STA connects to...

10CVSS7.3AI score0.08667EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2019/11/15 4:15 p.m.•47 views

CVE-2009-5047

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent...

7AI score
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/11/12 10:15 p.m.•47 views

CVE-2010-3440

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files...

5.5CVSS6.2AI score0.00256EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/11/01 1:15 p.m.•47 views

CVE-2005-3056

TWiki allows arbitrary shell command execution via the Include function...

9.8CVSS6.2AI score0.03482EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/10/03 8:15 p.m.•47 views

CVE-2019-16328

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...

7.5CVSS7.2AI score0.13049EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2019/08/19 12:0 a.m.•47 views

CVE-2019-15220

An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver...

4.9CVSS6.7AI score0.00756EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2019/08/15 12:0 a.m.•47 views

CVE-2019-9851

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers...

9.8CVSS7.2AI score0.78347EPSS
Exploits4References5
UbuntuCve
UbuntuCve
•added 2019/07/13 12:0 a.m.•47 views

CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS6.8AI score0.04021EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2019/07/11 1:15 p.m.•47 views

CVE-2019-12838

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection...

9.8CVSS6.9AI score0.0268EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2019/07/11 12:0 a.m.•47 views

CVE-2019-11716

Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNameswindow. Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes t...

8.3CVSS7.2AI score0.01354EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/07/10 12:0 a.m.•47 views

CVE-2019-13224

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8CVSS7.3AI score0.04047EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/05/14 5:0 p.m.•47 views

CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

5.6CVSS6.8AI score0.01497EPSS
Exploits0References17
UbuntuCve
UbuntuCve
•added 2019/04/23 12:0 a.m.•47 views

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.9CVSS6.8AI score0.37618EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/02/22 12:0 a.m.•47 views

CVE-2019-9020

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode can lead to an invalid memory access heap out of bounds read or read after free. This is related to xmlelemparsebuf in...

9.8CVSS6.8AI score0.10059EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2019/01/30 10:29 p.m.•47 views

CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...

7.5CVSS6.8AI score0.59942EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/12/18 12:0 a.m.•47 views

CVE-2018-16884

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...

8CVSS6.8AI score0.01455EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2018/11/26 12:0 a.m.•47 views

CVE-2018-16862

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one...

5.5CVSS6.7AI score0.0053EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/11/06 5:29 p.m.•47 views

CVE-2018-9385

In driveroverridestore of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android I...

7.8CVSS7AI score0.00255EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/10/16 12:0 a.m.•47 views

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS6.8AI score0.07215EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2018/10/08 6:29 p.m.•47 views

CVE-2018-18066

snmpoidcompare in snmplib/snmpapi.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...

7.5CVSS7.1AI score0.04298EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2018/09/26 9:29 p.m.•47 views

CVE-2018-15836

In verifysignedhash in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2...

7.5CVSS7.1AI score0.01493EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/08/20 12:0 a.m.•47 views

CVE-2018-15594

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests...

5.5CVSS6.8AI score0.00551EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2018/08/06 5:0 p.m.•47 views

CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcpcollapseofoqueue and tcppruneofoqueue for every incoming packet which can lead to a denial of service...

7.8CVSS6.8AI score0.7354EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2018/08/01 3:29 p.m.•47 views

CVE-2018-12466

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links...

6.5CVSS6.5AI score0.00805EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2018/07/27 2:29 p.m.•47 views

CVE-2017-2666

It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating t...

6.5CVSS6.7AI score0.02712EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2018/07/26 12:0 a.m.•47 views

CVE-2015-9261

huftbuild in archival/libarchive/decompressgunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file...

5.5CVSS6.8AI score0.02368EPSS
Exploits6References3
Total number of security vulnerabilities5000