Lucene search
+L
UbuntucveMost viewed

68528 matches found

UbuntuCve
UbuntuCve
•added 2020/11/05 9:15 p.m.•46 views

CVE-2020-25661

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on...

8.8CVSS7.2AI score0.07693EPSS
Exploits5References2
UbuntuCve
UbuntuCve
•added 2020/10/20 12:0 a.m.•46 views

CVE-2020-15999

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

9.6CVSS7.3AI score0.5063EPSS
Exploits2References7
UbuntuCve
UbuntuCve
•added 2020/10/16 9:15 p.m.•46 views

CVE-2020-27194

An issue was discovered in the Linux kernel before 5.8.15. scalar32minmaxor in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a...

5.5CVSS6.8AI score0.02018EPSS
Exploits5References6
UbuntuCve
UbuntuCve
•added 2020/09/17 7:15 p.m.•46 views

CVE-2020-0427

In createpinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1405501...

5.5CVSS7AI score0.00492EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/09/15 7:15 p.m.•46 views

CVE-2020-14331

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VTRESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the...

7.2CVSS6.7AI score0.00563EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2020/06/10 5:15 p.m.•46 views

CVE-2020-10755

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...

6.5CVSS6.7AI score0.01203EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/06/10 12:0 a.m.•46 views

CVE-2020-10768

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threa...

5.5CVSS6.5AI score0.00397EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2020/05/28 12:15 p.m.•46 views

CVE-2020-13645

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate...

6.5CVSS6.8AI score0.01933EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2020/05/27 12:15 a.m.•46 views

CVE-2020-13623

JerryScript 2.2.0 allows attackers to cause a denial of service stack consumption via a proxy operation...

7.5CVSS7.1AI score0.01151EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2020/05/14 6:15 p.m.•46 views

CVE-2020-5408

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

6.5CVSS6.7AI score0.01594EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/05/08 1:15 a.m.•46 views

CVE-2012-0953

A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53...

5CVSS6AI score0.00246EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2020/05/06 12:0 a.m.•46 views

CVE-2020-12387

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR 68.8, Firefox 76, and Thunderbird 68.8.0...

8.1CVSS7.2AI score0.01403EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2020/05/05 6:15 a.m.•46 views

CVE-2020-12653

An issue was found in Linux kernel before 5.5.4. The mwifiexcmdappendvsietlv function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea...

7.8CVSS6.7AI score0.00435EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2020/04/15 2:15 p.m.•46 views

CVE-2020-2812

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4.9CVSS6.6AI score0.02981EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/04/01 6:15 p.m.•46 views

CVE-2020-9770

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic...

6.5CVSS6.9AI score0.01188EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/03/02 4:15 a.m.•46 views

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8CVSS7.1AI score0.04613EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/02/12 5:15 p.m.•46 views

CVE-2012-0951

A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry...

7.8CVSS7AI score0.00376EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2020/01/27 5:15 a.m.•46 views

CVE-2019-20429

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic via a modified lmbufcount field due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpcsvcunwraprequest and lustremsghdrsizev2...

7.8CVSS7AI score0.01896EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2020/01/23 5:15 p.m.•46 views

CVE-2019-14888

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

7.5CVSS7.1AI score0.02137EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/12/12 8:15 p.m.•46 views

CVE-2019-19770

In the Linux kernel 4.19.83, there is a use-after-free read in the debugfsremove function in fs/debugfs/inode.c which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfscreatefile. NOTE: Linux kernel developers dispu...

8.2CVSS6.7AI score0.02447EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2019/11/27 4:15 p.m.•46 views

CVE-2019-10220

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists...

9.3CVSS7.1AI score0.05123EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/11/26 12:15 a.m.•46 views

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

4.3CVSS6.6AI score0.01191EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/11/15 4:15 p.m.•46 views

CVE-2009-5047

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent...

7AI score
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/10/07 12:15 a.m.•46 views

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

9.8CVSS6.9AI score0.04628EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2019/10/03 8:15 p.m.•46 views

CVE-2019-16328

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...

7.5CVSS7.2AI score0.13049EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2019/10/01 2:15 p.m.•46 views

CVE-2019-17056

llcpsockcreate in net/nfc/llcpsock.c in the AFNFC network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176...

3.3CVSS6.8AI score0.00567EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2019/09/28 2:15 a.m.•46 views

CVE-2019-16935

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If setservertitle is called with untrusted input, arbitrary...

6.1CVSS6.8AI score0.04698EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2019/09/24 8:15 p.m.•46 views

CVE-2019-16411

An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o-len data + 3" places one beyond the 3 bytes, because the...

9.8CVSS7.2AI score0.02027EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/09/17 12:0 a.m.•46 views

CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when...

7.8CVSS7.2AI score0.00627EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2019/08/16 2:15 p.m.•46 views

CVE-2019-15117

parseaudiomixerunit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access...

7.8CVSS7.1AI score0.00613EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2019/08/16 2:15 a.m.•46 views

CVE-2019-15098

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor...

4.9CVSS6.7AI score0.00721EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2019/07/25 2:15 p.m.•46 views

CVE-2019-1010161

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in decodejws. The attack vector is: network connectivitycrafting user-controlled input to bypass authentication. The fixed...

9.8CVSS7.2AI score0.01103EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/07/03 2:15 p.m.•46 views

CVE-2019-13164

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name obtained from bridge.conf or a --br=bridge option is limited to the IFNAMSIZ size, which can lead to an ACL bypass...

7.8CVSS6.8AI score0.00524EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2019/05/09 2:29 p.m.•46 views

CVE-2019-11323

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/sslsock.h error...

5.9CVSS6.6AI score0.0125EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/04/23 12:0 a.m.•46 views

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.9CVSS6.8AI score0.37618EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/03/27 2:29 p.m.•46 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7.5CVSS7.1AI score0.98507EPSS
Exploits18References4
UbuntuCve
UbuntuCve
•added 2019/03/20 12:0 a.m.•46 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

9.8CVSS7.2AI score0.19762EPSS
Exploits6References7
UbuntuCve
UbuntuCve
•added 2018/12/12 12:0 a.m.•46 views

CVE-2018-20103

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...

7.5CVSS6.7AI score0.06593EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/11/26 12:0 a.m.•46 views

CVE-2018-16862

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one...

5.5CVSS6.7AI score0.0053EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/11/20 9:29 p.m.•46 views

CVE-2018-19395

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service NULL pointer dereference and application crash because com and comsafearrayproxy return NULL in compropertiesget in ext/comdotnet/comhandlers.c, as demonstrated by a serialize call on...

7.5CVSS7.1AI score0.04327EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2018/10/16 12:0 a.m.•46 views

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS6.8AI score0.07215EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2018/08/19 12:0 a.m.•46 views

CVE-2018-15572

The spectrev2selectmitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks...

6.5CVSS6.7AI score0.00511EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2018/07/18 2:29 p.m.•46 views

CVE-2018-8011

By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33...

7.5CVSS6.8AI score0.51714EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/07/03 10:29 a.m.•46 views

CVE-2018-13095

An issue was discovered in fs/xfs/libxfs/xfsinodebuf.c in the Linux kernel through 4.17.3. A denial of service memory corruption and BUG can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork...

5.5CVSS6.8AI score0.01534EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/06/26 12:0 a.m.•46 views

CVE-2018-1000517

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been...

9.8CVSS7AI score0.32919EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/05/10 12:0 a.m.•46 views

CVE-2018-1130

Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccpwritexmit function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls...

5.5CVSS6.8AI score0.00495EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2018/05/08 12:0 a.m.•46 views

CVE-2018-10805

ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c...

6.5CVSS6.8AI score0.01844EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/04/24 7:29 p.m.•46 views

CVE-2017-12103

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context ...

8.8CVSS7.7AI score0.01861EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2018/04/17 6:29 p.m.•46 views

CVE-2018-5429

A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports...

8.8CVSS7.3AI score0.01554EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/04/16 12:0 a.m.•46 views

CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

5.9CVSS6.3AI score0.12046EPSS
Exploits0References6
Total number of security vulnerabilities5000