Lucene search
+L
UbuntucveMost viewed

71772 matches found

ubuntucve
ubuntucve
•added 2022/07/27 12:0 a.m.•46 views

CVE-2022-36318

When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...

5.3CVSS6.8AI score0.00493EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2022/07/26 10:15 p.m.•46 views

CVE-2022-1364

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.4AI score0.1372EPSS
Exploits2References2
ubuntucve
ubuntucve
•added 2022/07/18 3:15 p.m.•46 views

CVE-2021-33656

When setting font with malicous data by ioctl cmd PIOFONT,kernel will write memory out of bounds...

6.8CVSS6.8AI score0.00573EPSS
Exploits0References17
ubuntucve
ubuntucve
•added 2022/07/13 9:15 p.m.•46 views

CVE-2022-32117

Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryxprintunhandledexception in /util/print.c...

7.8CVSS7.3AI score0.00329EPSS
Exploits1References1
ubuntucve
ubuntucve
•added 2022/07/07 12:0 a.m.•46 views

CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call...

4.3CVSS6.8AI score0.00633EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/06/28 6:15 p.m.•46 views

CVE-2022-31056

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms Ticket/Change/Problem permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and...

9.8CVSS7AI score0.08637EPSS
Exploits3References2
ubuntucve
ubuntucve
•added 2022/06/27 1:15 p.m.•46 views

CVE-2022-2208

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163...

7.8CVSS6.8AI score0.01312EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2022/06/09 8:15 p.m.•46 views

CVE-2022-31033

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site...

7.5CVSS7.1AI score0.01392EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/06/08 1:15 p.m.•46 views

CVE-2022-30790

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552...

7.8CVSS7AI score0.00554EPSS
Exploits1References5
ubuntucve
ubuntucve
•added 2022/06/06 5:15 p.m.•46 views

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

7.7CVSS6.2AI score0.06334EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/06/02 12:0 a.m.•46 views

CVE-2022-1972

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to...

6.8AI score
Exploits1References7
ubuntucve
ubuntucve
•added 2022/05/26 5:15 p.m.•46 views

CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

6.1CVSS6.3AI score0.01594EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/05/24 5:0 p.m.•46 views

CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

6.7CVSS6.8AI score0.00612EPSS
Exploits0References11
ubuntucve
ubuntucve
•added 2022/05/20 8:15 p.m.•46 views

CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes...

7.5CVSS6.8AI score0.03237EPSS
Exploits2References6
ubuntucve
ubuntucve
•added 2022/05/17 12:0 a.m.•46 views

CVE-2022-28184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data...

7.8CVSS7.1AI score0.00293EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/05/12 11:15 a.m.•46 views

CVE-2022-1650

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2...

9.3CVSS7.1AI score0.01799EPSS
Exploits1References6
ubuntucve
ubuntucve
•added 2022/05/11 3:15 p.m.•46 views

CVE-2022-1545

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note...

4.3CVSS6.2AI score0.00765EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/05/04 8:15 p.m.•46 views

CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

9.8CVSS7.2AI score0.69899EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2022/04/28 1:15 a.m.•46 views

CVE-2022-29869

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = equal sign characters but is not a valid credentials file...

5.3CVSS6.8AI score0.01866EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/04/27 6:0 a.m.•46 views

CVE-2022-27775

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead...

7.5CVSS6.8AI score0.02794EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2022/04/19 9:15 p.m.•46 views

CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

5.9CVSS6.7AI score0.02092EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/04/15 2:15 p.m.•46 views

CVE-2022-28048

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbijpegdecodeblockprogac...

8.8CVSS7.2AI score0.01557EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2022/04/11 6:15 a.m.•46 views

CVE-2021-32162

A Cross-site request forgery CSRF vulnerability exists in Webmin 1.973 through the File Manager feature...

8.8CVSS7.2AI score0.02562EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2022/04/08 12:0 a.m.•46 views

CVE-2022-22629

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.03668EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2022/04/01 11:15 p.m.•46 views

CVE-2022-22950

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...

6.5CVSS7AI score0.35834EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/03/16 3:15 p.m.•46 views

CVE-2021-39698

In aiopollcompletework of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS7AI score0.00238EPSS
Exploits0References9
ubuntucve
ubuntucve
•added 2022/03/11 7:15 a.m.•46 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...

7.5CVSS6.8AI score0.0486EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2022/02/24 4:15 p.m.•46 views

CVE-2022-24687

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3...

6.5CVSS6.8AI score0.01387EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2022/02/20 6:15 p.m.•46 views

CVE-2021-45083

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

7.1CVSS7.1AI score0.00311EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2022/02/11 5:15 p.m.•46 views

CVE-2021-45386

tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv6 at tree.c...

5.5CVSS6.4AI score0.00712EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2022/02/04 11:15 p.m.•46 views

CVE-2021-4154

A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

8.8CVSS6.7AI score0.01206EPSS
Exploits2References2
ubuntucve
ubuntucve
•added 2022/02/01 2:15 a.m.•46 views

CVE-2021-46668

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

5.5CVSS6.8AI score0.004EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2022/01/28 10:15 p.m.•46 views

CVE-2021-4160

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

5.9CVSS6.7AI score0.03803EPSS
Exploits0References7
ubuntucve
ubuntucve
•added 2022/01/19 5:15 p.m.•46 views

CVE-2022-23221

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...

10CVSS7.4AI score0.64766EPSS
Exploits4References6
ubuntucve
ubuntucve
•added 2022/01/19 12:15 p.m.•46 views

CVE-2022-21341

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS6.6AI score0.03765EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2022/01/19 12:15 p.m.•46 views

CVE-2022-21282

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS6.5AI score0.02877EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2021/11/17 7:15 p.m.•46 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.6AI score0.01257EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2021/11/02 10:15 p.m.•46 views

CVE-2021-37983

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.00875EPSS
Exploits0References1
ubuntucve
ubuntucve
•added 2021/10/27 1:15 a.m.•46 views

CVE-2011-4124

Input validation issues were found in Calibre at devices/linuxmounthelper.c which can lead to argument injection and elevation of privileges...

10CVSS7.2AI score0.02235EPSS
Exploits1References1
ubuntucve
ubuntucve
•added 2021/10/20 11:16 a.m.•46 views

CVE-2021-35588

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker wi...

3.1CVSS6.8AI score0.03599EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2021/10/04 6:15 p.m.•46 views

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...

5.3CVSS6.7AI score0.01702EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2021/10/04 12:0 a.m.•46 views

CVE-2021-41103

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...

7.8CVSS6.6AI score0.00482EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2021/09/20 2:15 p.m.•46 views

CVE-2020-21913

International Components for Unicode ICU-20850 v66.1 was discovered to contain a use after free bug in the pkgcreateWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp...

5.5CVSS6.8AI score0.01219EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2021/09/03 1:15 a.m.•46 views

CVE-2021-40490

A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13...

7CVSS6.8AI score0.00303EPSS
Exploits0References11
ubuntucve
ubuntucve
•added 2021/08/23 9:15 p.m.•46 views

CVE-2020-18734

A stack buffer overflow in /ddsi/qbitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...

7.5CVSS7.3AI score0.01862EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2021/08/10 5:15 p.m.•46 views

CVE-2020-23171

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file...

5.5CVSS6.2AI score0.00656EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2021/08/08 8:15 p.m.•46 views

CVE-2021-38198

arch/x86/kvm/mmu/pagingtmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault...

5.5CVSS6.8AI score0.00469EPSS
Exploits1References8
ubuntucve
ubuntucve
•added 2021/08/05 9:15 p.m.•46 views

CVE-2021-3655

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...

3.3CVSS6.7AI score0.00308EPSS
Exploits0References9
ubuntucve
ubuntucve
•added 2021/07/09 11:15 a.m.•46 views

CVE-2021-3612

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from th...

7.8CVSS6.7AI score0.00687EPSS
Exploits0References14
ubuntucve
ubuntucve
•added 2021/06/21 5:15 p.m.•46 views

CVE-2021-0512

In hidinputchangeresolutionmultipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.2AI score0.00282EPSS
Exploits0References2
Total number of security vulnerabilities5000