Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2015/10/22 12:0 a.m.•47 views

CVE-2015-7705

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests...

9.8CVSS6.8AI score0.12351EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/10/21 12:0 a.m.•47 views

CVE-2015-4844

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS6.8AI score0.07514EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/10/01 12:59 a.m.•47 views

CVE-2015-3834

Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug...

10CVSS6.3AI score0.01223EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/09/03 10:59 p.m.•47 views

CVE-2015-1296

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a...

5CVSS7.3AI score0.01472EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2015/07/16 12:0 a.m.•47 views

CVE-2015-4733

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

10CVSS6.3AI score0.05766EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2015/07/16 12:0 a.m.•47 views

CVE-2015-4760

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS6.3AI score0.07031EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2015/07/02 12:0 a.m.•47 views

CVE-2015-5364

The 1 udprecvmsg and 2 udpv6recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service system hang via incorrect checksums within a UDP packet flood...

7.8CVSS6.8AI score0.06267EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2015/06/09 6:59 p.m.•47 views

CVE-2015-3307

The pharparsemetadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service heap metadata corruption or possibly have unspecified other impact via a crafted tar archive...

7.5CVSS6.8AI score0.07697EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2015/06/09 12:0 a.m.•47 views

CVE-2015-4026

The pcntlexec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...

7.5CVSS7.2AI score0.1968EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2015/06/07 12:0 a.m.•47 views

CVE-2014-7810

The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

5CVSS6.8AI score0.13872EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2015/06/02 12:0 a.m.•47 views

CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

6.8CVSS7.1AI score0.15968EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/02/10 5:59 p.m.•47 views

CVE-2015-1432

The messageoptions function in includes/ucp/ucppmoptions.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...

6.8CVSS5.9AI score0.01114EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2015/01/10 7:59 p.m.•47 views

CVE-2014-9495

Heap-based buffer overflow in the pngcombinerow function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image...

10CVSS7.7AI score0.03889EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/12/31 2:59 a.m.•47 views

CVE-2014-9425

Double free vulnerability in the zendtshashgracefuldestroy function in zendtshash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.5CVSS6.8AI score0.03664EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2014/11/24 4:59 p.m.•47 views

CVE-2010-5312

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

6.1CVSS6.7AI score0.18351EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2014/08/01 11:13 a.m.•47 views

CVE-2014-3534

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a...

7.2CVSS6.8AI score0.00469EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2014/07/22 12:0 a.m.•47 views

CVE-2014-1544

Use-after-free vulnerability in the CERTDestroyCertificate function in libnss3.so in Mozilla Network Security Services NSS 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger...

10CVSS7.3AI score0.06109EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2014/07/09 2:55 p.m.•47 views

CVE-2014-4022

The allocdomainstruct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOPsetuptable...

2.7CVSS5.9AI score0.00542EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/05/08 10:55 a.m.•48 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS6.9AI score0.06516EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/05/05 5:6 p.m.•47 views

CVE-2010-5109

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service crash via a crafted TNEF file, which triggers a buffer overflow...

4.3CVSS6.2AI score0.02387EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2014/03/25 12:0 a.m.•47 views

CVE-2014-0076

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...

1.9CVSS6.8AI score0.00942EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2014/03/11 12:0 a.m.•47 views

CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

7.8CVSS6.5AI score0.07045EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2014/01/18 12:0 a.m.•47 views

CVE-2014-1446

The yamioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAPNETADMIN capability for an SIOCYAMGCFG ioctl call...

1.9CVSS6.8AI score0.00649EPSS
Exploits1References13
UbuntuCve
UbuntuCve
•added 2013/11/26 12:0 a.m.•47 views

CVE-2013-6382

Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging the CAPSYSADMIN capability for a 1 XFSIOCATTRLISTBYHANDLE or 2 XFSIOCATTRLISTBYHANDLE32...

4CVSS6.9AI score0.00575EPSS
Exploits1References15
UbuntuCve
UbuntuCve
•added 2013/11/23 6:55 p.m.•47 views

CVE-2013-6384

1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...

1.9CVSS5.9AI score0.0041EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2013/09/25 12:0 a.m.•47 views

CVE-2013-4343

Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAPNETADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call...

6.9CVSS6.8AI score0.00355EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2013/09/16 1:2 p.m.•47 views

CVE-2013-4313

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...

7.5CVSS6AI score0.01206EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2013/08/17 12:0 a.m.•47 views

CVE-2013-4238

The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

4.3CVSS7AI score0.05347EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•47 views

CVE-2013-2471

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS7.1AI score0.14749EPSS
Exploits4References6
UbuntuCve
UbuntuCve
•added 2013/02/01 12:0 a.m.•47 views

CVE-2013-0442

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

10CVSS7.2AI score0.08087EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2012/10/01 12:55 a.m.•47 views

CVE-2012-1588

Algorithmic complexity vulnerability in the filterurl function in the text filtering system modules/filter/filter.module in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service CPU consumption via a long email address...

3.5CVSS5.9AI score0.01234EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2012/08/06 4:55 p.m.•47 views

CVE-2010-5139

Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction...

7.5CVSS5.9AI score0.0262EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2012/06/18 7:55 p.m.•47 views

CVE-2011-3671

Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element...

7.5CVSS6AI score0.01846EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2012/06/05 12:0 a.m.•47 views

CVE-2012-2143

The cryptdes aka DES-based crypt function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an...

4.3CVSS7.2AI score0.05734EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2011/10/19 12:0 a.m.•47 views

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

5.8CVSS5.9AI score0.02284EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2011/10/02 8:55 p.m.•47 views

CVE-2011-3973

cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service incorrect write operation and application crash via an invalid bitstream in a Chinese AVS video aka CAVS file, related to the decoderesidualblock, checkforslice, and...

5CVSS7.3AI score0.02502EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2011/06/14 6:55 p.m.•47 views

CVE-2011-0786

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors...

7.6CVSS5.9AI score0.02437EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2011/02/18 12:0 a.m.•47 views

CVE-2011-0712

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to 1 the sndusbcaiaqaudioinit...

7.2CVSS7.3AI score0.00435EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2011/02/17 7:0 p.m.•47 views

CVE-2010-4452

Unspecified vulnerability in the Deployment component in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown...

10CVSS5.9AI score0.8316EPSS
Exploits11References2
UbuntuCve
UbuntuCve
•added 2010/12/23 12:0 a.m.•47 views

CVE-2010-3881

arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device...

2.1CVSS5.9AI score0.0048EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2010/09/07 12:0 a.m.•47 views

CVE-2010-2764

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web...

4.3CVSS7.2AI score0.02001EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2010/06/07 12:0 a.m.•47 views

CVE-2010-2024

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/...

4.4CVSS7.1AI score0.0028EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2009/09/02 5:30 p.m.•47 views

CVE-2009-3043

The ttyldischangup function in drivers/char/ttyldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service system crash, sometimes preceded by a NULL pointer dereference or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrat...

4.9CVSS5.9AI score0.00852EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2009/09/01 6:30 p.m.•47 views

CVE-2009-3042

SQL injection vulnerability in machine.php in Open Computer and Software OCS Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040...

7.5CVSS6.2AI score0.02958EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2009/07/23 8:30 p.m.•47 views

CVE-2009-2584

Off-by-one error in the optionswrite function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which trigge...

7.2CVSS6.4AI score0.0052EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2009/06/12 12:0 a.m.•47 views

CVE-2009-1836

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...

6.8CVSS6.1AI score0.02032EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2009/06/05 12:0 a.m.•47 views

CVE-2009-0580

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...

4.3CVSS6.3AI score0.9444EPSS
Exploits4References3
UbuntuCve
UbuntuCve
•added 2009/03/25 12:0 a.m.•47 views

CVE-2009-1095

Integer overflow in unpack200 in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers...

10CVSS6.6AI score0.07099EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2009/02/19 6:30 p.m.•47 views

CVE-2008-6189

SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to 1 new/index.php, 2 news/index.php, and 3 top/topusers.php, which is not properly handled in database-pgsql.php...

7.5CVSS6.1AI score0.02321EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2008/10/31 12:0 a.m.•47 views

CVE-2008-4866

Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAXREORDERDELAY...

10CVSS6.3AI score0.04685EPSS
Exploits1References2
Total number of security vulnerabilities5000