Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2016/08/06 12:0 a.m.•47 views

CVE-2016-5696

net/ipv4/tcpinput.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack...

5.8CVSS6.9AI score0.15073EPSS
Exploits3References12
UbuntuCve
UbuntuCve
•added 2016/05/03 12:0 a.m.•47 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

5.9CVSS7.1AI score0.89058EPSS
Exploits6References3
UbuntuCve
UbuntuCve
•added 2016/05/02 12:0 a.m.•47 views

CVE-2016-3689

The imspcuparsecdcdata function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service system crash via a USB device without both a master and a slave interface...

4.9CVSS6.8AI score0.00586EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2016/04/29 12:0 a.m.•47 views

CVE-2016-4342

ext/phar/pharobject.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 TAR, 2 ZIP, or 3 PHAR archive...

8.8CVSS7.1AI score0.05345EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2016/04/07 12:0 a.m.•47 views

CVE-2016-3948

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers...

7.5CVSS7.2AI score0.35265EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/10/22 12:0 a.m.•47 views

CVE-2015-7705

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests...

9.8CVSS6.8AI score0.12351EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/10/01 12:59 a.m.•47 views

CVE-2015-3834

Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug...

10CVSS6.3AI score0.01223EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/07/02 12:0 a.m.•47 views

CVE-2015-5364

The 1 udprecvmsg and 2 udpv6recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service system hang via incorrect checksums within a UDP packet flood...

7.8CVSS6.8AI score0.06267EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2015/06/23 12:0 a.m.•47 views

CVE-2015-4601

PHP before 5.6.7 might allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in 1 ext/soap/phpencoding.c, 2 ext/soap/phphttp.c, and 3 ext/soap/soap.c, a different issue than...

10CVSS7.2AI score0.08171EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/06/09 6:59 p.m.•47 views

CVE-2015-3307

The pharparsemetadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service heap metadata corruption or possibly have unspecified other impact via a crafted tar archive...

7.5CVSS6.8AI score0.07697EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2015/06/09 12:0 a.m.•47 views

CVE-2015-4148

The dosoapcall function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a...

5CVSS6.8AI score0.19961EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2015/06/09 12:0 a.m.•47 views

CVE-2015-4026

The pcntlexec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...

7.5CVSS7.2AI score0.1968EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2015/06/07 12:0 a.m.•47 views

CVE-2014-7810

The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

5CVSS6.8AI score0.13872EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2015/02/10 5:59 p.m.•47 views

CVE-2015-1432

The messageoptions function in includes/ucp/ucppmoptions.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...

6.8CVSS5.9AI score0.01114EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2015/01/10 7:59 p.m.•47 views

CVE-2014-9495

Heap-based buffer overflow in the pngcombinerow function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image...

10CVSS7.7AI score0.03889EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/12/26 2:59 a.m.•47 views

CVE-2011-3592

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

3.5CVSS5.9AI score0.01449EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2014/11/24 4:59 p.m.•47 views

CVE-2010-5312

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

6.1CVSS6.7AI score0.18351EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2014/07/09 2:55 p.m.•47 views

CVE-2014-4022

The allocdomainstruct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOPsetuptable...

2.7CVSS5.9AI score0.00542EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/06/05 12:0 p.m.•47 views

CVE-2014-0221

The dtls1getmessagefragment function in d1both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service recursion and client crash via a DTLS hello message in an invalid DTLS handshake...

4.3CVSS7AI score0.87892EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/05/05 5:6 p.m.•47 views

CVE-2010-5109

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service crash via a crafted TNEF file, which triggers a buffer overflow...

4.3CVSS6.2AI score0.02387EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2014/04/15 12:0 a.m.•47 views

CVE-2014-0452

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423...

7.5CVSS7.1AI score0.04976EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/04/15 12:0 a.m.•47 views

CVE-2014-2398

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc...

3.5CVSS7AI score0.02575EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/04/15 12:0 a.m.•47 views

CVE-2013-5704

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

5CVSS6.7AI score0.60205EPSS
Exploits2References5
UbuntuCve
UbuntuCve
•added 2014/03/25 12:0 a.m.•47 views

CVE-2014-0076

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...

1.9CVSS6.8AI score0.00942EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2014/03/11 12:0 a.m.•47 views

CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

7.8CVSS6.5AI score0.07045EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2014/02/05 12:0 a.m.•47 views

CVE-2014-1491

Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS6.8AI score0.04664EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2013/11/26 12:0 a.m.•47 views

CVE-2013-6382

Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the CAPSYSADMIN capability for a 1 XFSIOCATTRLISTBYHANDLE or 2 XFSIOCATTRLISTBYHANDLE32...

4CVSS6.9AI score0.00575EPSS
Exploits1References15
UbuntuCve
UbuntuCve
•added 2013/10/16 12:0 a.m.•47 views

CVE-2013-5780

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...

4.3CVSS6.8AI score0.03433EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2013/09/25 12:0 a.m.•47 views

CVE-2013-4343

Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAPNETADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call...

6.9CVSS6.8AI score0.00355EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•47 views

CVE-2013-2471

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS7.1AI score0.14749EPSS
Exploits4References6
UbuntuCve
UbuntuCve
•added 2013/02/28 12:0 a.m.•47 views

CVE-2013-1774

The chaseport function in drivers/usb/serial/ioti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service NULL pointer dereference and system crash via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter...

4CVSS6.8AI score0.00388EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2013/02/01 12:0 a.m.•47 views

CVE-2013-0442

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

10CVSS7.2AI score0.08087EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2013/01/13 10:55 p.m.•47 views

CVE-2013-0156

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

7.5CVSS7.5AI score0.99449EPSS
Exploits21References3
UbuntuCve
UbuntuCve
•added 2013/01/13 10:55 p.m.•47 views

CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7.1AI score0.08245EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2012/10/01 12:55 a.m.•47 views

CVE-2012-1588

Algorithmic complexity vulnerability in the filterurl function in the text filtering system modules/filter/filter.module in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service CPU consumption via a long email address...

3.5CVSS5.9AI score0.01234EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2012/08/13 11:55 p.m.•47 views

CVE-2012-2330

The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information request header contents and possibly spoof HTTP headers via a zero length string...

6.4CVSS5.9AI score0.02595EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2012/08/06 4:55 p.m.•47 views

CVE-2010-5139

Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction...

7.5CVSS5.9AI score0.0262EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2012/06/05 12:0 a.m.•47 views

CVE-2012-2143

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

4.3CVSS7.2AI score0.05734EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2012/04/28 10:6 a.m.•47 views

CVE-2012-2213

Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and...

5CVSS6AI score0.12314EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2011/10/19 12:0 a.m.•47 views

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

5.8CVSS5.9AI score0.02284EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2011/10/04 10:55 a.m.•47 views

CVE-2011-2894

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by 1 serializing a...

6.8CVSS6.2AI score0.08532EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2011/10/02 8:55 p.m.•47 views

CVE-2011-3973

cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service incorrect write operation and application crash via an invalid bitstream in a Chinese AVS video aka CAVS file, related to the decoderesidualblock, checkforslice, and...

5CVSS7.3AI score0.02502EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2011/06/14 6:55 p.m.•47 views

CVE-2011-0786

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors...

7.6CVSS5.9AI score0.02437EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2011/03/16 12:0 a.m.•47 views

CVE-2011-0411

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

6.8CVSS7.2AI score0.16334EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2011/02/18 12:0 a.m.•47 views

CVE-2011-0712

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to 1 the sndusbcaiaqaudioinit...

7.2CVSS7.3AI score0.00435EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2011/02/17 7:0 p.m.•47 views

CVE-2010-4452

Unspecified vulnerability in the Deployment component in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown...

10CVSS5.9AI score0.8316EPSS
Exploits11References2
UbuntuCve
UbuntuCve
•added 2010/12/23 12:0 a.m.•47 views

CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device...

2.1CVSS5.9AI score0.0048EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2010/09/21 12:0 a.m.•47 views

CVE-2010-3067

Integer overflow in the doiosubmit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the iosubmit system call...

4.9CVSS6.3AI score0.00428EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2010/09/07 12:0 a.m.•47 views

CVE-2010-2764

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web...

4.3CVSS7.2AI score0.02001EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2010/07/28 12:0 a.m.•47 views

CVE-2010-1452

The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path...

5CVSS6.7AI score0.2187EPSS
Exploits2References2
Total number of security vulnerabilities5000