Lucene search
K
UbuntucveMost viewed

68528 matches found

UbuntuCve
UbuntuCve
•added 2022/07/13 9:15 p.m.•46 views

CVE-2022-32117

Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryxprintunhandledexception in /util/print.c...

7.8CVSS7.3AI score0.00329EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/07 12:0 a.m.•46 views

CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...

4.3CVSS6.8AI score0.00633EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/06/28 6:15 p.m.•46 views

CVE-2022-31056

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms Ticket/Change/Problem permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and...

9.8CVSS7AI score0.0858EPSS
Exploits3References2
UbuntuCve
UbuntuCve
•added 2022/06/27 1:15 p.m.•46 views

CVE-2022-2208

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163...

7.8CVSS6.8AI score0.01303EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/06/09 8:15 p.m.•46 views

CVE-2022-31033

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site...

7.5CVSS7.1AI score0.01392EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/06/08 1:15 p.m.•46 views

CVE-2022-30790

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552...

7.8CVSS7AI score0.00554EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2022/06/02 12:0 a.m.•46 views

CVE-2022-1972

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to...

6.8AI score
Exploits1References7
UbuntuCve
UbuntuCve
•added 2022/05/26 5:15 p.m.•46 views

CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

6.1CVSS6.3AI score0.01594EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/05/24 5:0 p.m.•46 views

CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

6.7CVSS6.8AI score0.00612EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2022/05/20 8:15 p.m.•46 views

CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes...

7.5CVSS6.8AI score0.03035EPSS
Exploits2References6
UbuntuCve
UbuntuCve
•added 2022/05/17 12:0 a.m.•46 views

CVE-2022-28184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data...

7.8CVSS7.1AI score0.00293EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/05/17 12:0 a.m.•46 views

CVE-2022-28183

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure...

7.7CVSS7AI score0.0033EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/05/12 11:15 a.m.•46 views

CVE-2022-1650

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2...

9.3CVSS7.1AI score0.01799EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/05/11 3:15 p.m.•46 views

CVE-2022-1545

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note...

4.3CVSS6.2AI score0.00765EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/05/10 8:15 p.m.•46 views

CVE-2022-20008

In mmcblkreadsingle of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...

4.6CVSS7AI score0.00361EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/05/04 8:15 p.m.•46 views

CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

9.8CVSS7.2AI score0.69899EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/04/28 1:15 a.m.•46 views

CVE-2022-29869

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = equal sign characters but is not a valid credentials file...

5.3CVSS6.8AI score0.01804EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/04/27 6:0 a.m.•46 views

CVE-2022-27775

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead...

7.5CVSS6.8AI score0.02794EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/15 2:15 p.m.•46 views

CVE-2022-28048

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbijpegdecodeblockprogac...

8.8CVSS7.2AI score0.01557EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/04/11 6:15 a.m.•46 views

CVE-2021-32160

A Cross-Site Scripting XSS vulnerability exists in Webmin 1.973 through the Add Users feature...

6.1CVSS6.3AI score0.02001EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/11 6:15 a.m.•46 views

CVE-2021-32162

A Cross-site request forgery CSRF vulnerability exists in Webmin 1.973 through the File Manager feature...

8.8CVSS7.2AI score0.02562EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/08 12:0 a.m.•46 views

CVE-2022-22629

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.03668EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/04/01 11:15 p.m.•46 views

CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

6.5CVSS7AI score0.35834EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/16 3:15 p.m.•46 views

CVE-2021-39698

In aiopollcompletework of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS7AI score0.00232EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2022/03/10 5:42 p.m.•46 views

CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

4.3CVSS6.2AI score0.01242EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/24 4:15 p.m.•46 views

CVE-2022-24687

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...

6.5CVSS6.8AI score0.01366EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/20 6:15 p.m.•46 views

CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

7.1CVSS7.1AI score0.00311EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/02/14 7:15 p.m.•46 views

CVE-2021-45346

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...

4.3CVSS6.8AI score0.01614EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/02/11 5:15 p.m.•46 views

CVE-2021-45386

tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv6 at tree.c...

5.5CVSS6.4AI score0.00712EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/02/04 11:15 p.m.•46 views

CVE-2021-4154

A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

8.8CVSS6.7AI score0.01206EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2022/02/01 2:15 a.m.•46 views

CVE-2021-46668

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

5.5CVSS6.8AI score0.004EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/01/28 10:15 p.m.•46 views

CVE-2021-4160

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

5.9CVSS6.7AI score0.03803EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2022/01/19 12:15 p.m.•46 views

CVE-2022-21282

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS6.5AI score0.02877EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/01/19 12:15 p.m.•46 views

CVE-2022-21341

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS6.6AI score0.03765EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/12/08 12:0 a.m.•46 views

CVE-2021-43537

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

8.8CVSS7.2AI score0.0202EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2021/11/17 7:15 p.m.•46 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.6AI score0.01257EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/11/02 10:15 p.m.•46 views

CVE-2021-37983

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.00875EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2021/10/27 1:15 a.m.•46 views

CVE-2011-4124

Input validation issues were found in Calibre at devices/linuxmounthelper.c which can lead to argument injection and elevation of privileges...

10CVSS7.2AI score0.02235EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2021/10/20 11:16 a.m.•46 views

CVE-2021-35588

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker wi...

3.1CVSS6.8AI score0.03599EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/10/04 6:15 p.m.•46 views

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...

5.3CVSS6.7AI score0.01702EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/10/04 12:0 a.m.•46 views

CVE-2021-41103

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...

7.8CVSS6.6AI score0.00482EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/09/20 2:15 p.m.•46 views

CVE-2020-21913

International Components for Unicode ICU-20850 v66.1 was discovered to contain a use after free bug in the pkgcreateWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp...

5.5CVSS6.8AI score0.01133EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2021/09/03 1:15 a.m.•46 views

CVE-2021-40490

A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13...

7CVSS6.8AI score0.00303EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2021/08/23 9:15 p.m.•46 views

CVE-2020-18734

A stack buffer overflow in /ddsi/qbitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...

7.5CVSS7.3AI score0.01862EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2021/08/11 12:0 a.m.•46 views

CVE-2021-29989

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.13,...

8.8CVSS7.3AI score0.01268EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/08/10 5:15 p.m.•46 views

CVE-2020-23171

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file...

5.5CVSS6.2AI score0.00656EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2021/08/08 8:15 p.m.•46 views

CVE-2021-38198

arch/x86/kvm/mmu/pagingtmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault...

5.5CVSS6.8AI score0.00469EPSS
Exploits1References8
UbuntuCve
UbuntuCve
•added 2021/07/09 11:15 a.m.•46 views

CVE-2021-3612

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from th...

7.8CVSS6.7AI score0.00687EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2021/07/01 3:15 a.m.•46 views

CVE-2021-36084

The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from cilverifyclasspermission and cilpreverifyhelper...

3.3CVSS6.8AI score0.00481EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/06/21 5:15 p.m.•46 views

CVE-2021-0512

In hidinputchangeresolutionmultipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.2AI score0.00282EPSS
Exploits0References2
Total number of security vulnerabilities5000