Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2020/05/27 12:15 a.m.•46 views

CVE-2020-13623

JerryScript 2.2.0 allows attackers to cause a denial of service stack consumption via a proxy operation...

7.5CVSS7.1AI score0.01151EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2020/05/14 6:15 p.m.•46 views

CVE-2020-5408

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...

6.5CVSS6.7AI score0.01594EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2020/05/08 1:15 a.m.•46 views

CVE-2012-0953

A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53...

5CVSS6AI score0.00246EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2020/04/30 11:15 p.m.•46 views

CVE-2020-11027

In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously...

8.1CVSS7AI score0.13625EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2020/04/01 6:15 p.m.•46 views

CVE-2020-9770

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic...

6.5CVSS6.9AI score0.01188EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/03/02 4:15 a.m.•46 views

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig aka shaded hikari-config...

9.8CVSS7.1AI score0.04613EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/02/12 5:15 p.m.•46 views

CVE-2012-0951

A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry...

7.8CVSS7AI score0.00376EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2020/01/27 5:15 a.m.•46 views

CVE-2019-20429

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic via a modified lmbufcount field due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpcsvcunwraprequest and lustremsghdrsizev2...

7.8CVSS7AI score0.01896EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2020/01/23 5:15 p.m.•46 views

CVE-2019-14888

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

7.5CVSS7.1AI score0.02137EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/12/12 8:15 p.m.•46 views

CVE-2019-19770

In the Linux kernel 4.19.83, there is a use-after-free read in the debugfsremove function in fs/debugfs/inode.c which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfscreatefile. NOTE: Linux kernel developers dispu...

8.2CVSS6.7AI score0.02447EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2019/11/27 4:15 p.m.•46 views

CVE-2019-10220

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists...

9.3CVSS7.1AI score0.05123EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/11/26 12:15 a.m.•46 views

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack...

4.3CVSS6.6AI score0.01191EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/10/07 12:15 a.m.•46 views

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

9.8CVSS6.9AI score0.04628EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2019/10/01 2:15 p.m.•46 views

CVE-2019-17056

llcpsockcreate in net/nfc/llcpsock.c in the AFNFC network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176...

3.3CVSS6.8AI score0.00567EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2019/09/28 2:15 a.m.•46 views

CVE-2019-16935

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If setservertitle is called with untrusted input, arbitrary...

6.1CVSS6.8AI score0.04698EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2019/09/24 8:15 p.m.•46 views

CVE-2019-16411

An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o-len data + 3" places one beyond the 3 bytes, because the...

9.8CVSS7.2AI score0.02027EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/09/17 12:0 a.m.•46 views

CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when...

7.8CVSS7.2AI score0.00627EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2019/08/16 2:15 p.m.•46 views

CVE-2019-15117

parseaudiomixerunit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access...

7.8CVSS7.1AI score0.00613EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2019/08/16 2:15 a.m.•46 views

CVE-2019-15098

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor...

4.9CVSS6.7AI score0.00721EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2019/07/25 2:15 p.m.•46 views

CVE-2019-1010161

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in decodejws. The attack vector is: network connectivitycrafting user-controlled input to bypass authentication. The fixed...

9.8CVSS7.2AI score0.01103EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2019/07/03 2:15 p.m.•46 views

CVE-2019-13164

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name obtained from bridge.conf or a --br=bridge option is limited to the IFNAMSIZ size, which can lead to an ACL bypass...

7.8CVSS6.8AI score0.00524EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2019/05/09 2:29 p.m.•46 views

CVE-2019-11323

HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/sslsock.h error...

5.9CVSS6.6AI score0.0125EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2019/03/27 2:29 p.m.•46 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7.5CVSS7.1AI score0.98507EPSS
Exploits18References4
UbuntuCve
UbuntuCve
•added 2019/03/20 12:0 a.m.•46 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

9.8CVSS7.2AI score0.19762EPSS
Exploits6References7
UbuntuCve
UbuntuCve
•added 2019/01/16 8:29 p.m.•46 views

CVE-2017-3141

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2-9.2.9, 9.3.2-P1-9.3.6, 9.4.0-9.8.8, 9.9.0-9.9.10, 9.10.0-9.10.5, 9.11.0-9.11.1, 9.9.3-S1-9.9.10-S1,...

7.8CVSS7.1AI score0.01413EPSS
Exploits5References2
UbuntuCve
UbuntuCve
•added 2018/12/12 12:0 a.m.•46 views

CVE-2018-20103

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...

7.5CVSS6.7AI score0.06593EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/11/20 9:29 p.m.•46 views

CVE-2018-19395

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service NULL pointer dereference and application crash because com and comsafearrayproxy return NULL in compropertiesget in ext/comdotnet/comhandlers.c, as demonstrated by a serialize call on...

7.5CVSS7.1AI score0.04327EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2018/08/25 7:29 p.m.•46 views

CVE-2018-15870

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...

6.5CVSS6.6AI score0.01163EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2018/08/19 12:0 a.m.•46 views

CVE-2018-15572

The spectrev2selectmitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks...

6.5CVSS6.7AI score0.00511EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2018/08/03 12:29 a.m.•46 views

CVE-2018-14876

An issue was discovered in imagesavepng in image/image-png.cpp in Free Lossless Image Format FLIF 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width...

5.5CVSS6.1AI score0.00867EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2018/07/18 2:29 p.m.•46 views

CVE-2018-8011

By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33...

7.5CVSS6.8AI score0.51714EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/05/08 12:0 a.m.•46 views

CVE-2018-10805

ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c...

6.5CVSS6.8AI score0.01844EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/04/16 12:0 a.m.•46 views

CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

5.9CVSS6.3AI score0.12046EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/02/06 9:29 p.m.•46 views

CVE-2018-4878

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the...

7.8CVSS7.4AI score0.89618EPSS
Exploits19References6
UbuntuCve
UbuntuCve
•added 2018/01/03 12:0 a.m.•46 views

CVE-2017-18017

The tcpmssmanglepacket function in net/netfilter/xtTCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service use-after-free and memory corruption or possibly have unspecified other impact by leveraging the presence of xtTCPMSS in an...

10CVSS6.8AI score0.52841EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2017/12/29 4:29 p.m.•46 views

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

8.1CVSS7.5AI score0.02283EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/12/16 2:29 a.m.•46 views

CVE-2017-10904

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors...

9.8CVSS7.4AI score0.01958EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/12/07 12:0 a.m.•46 views

CVE-2017-15412

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.02963EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2017/12/06 12:0 a.m.•46 views

CVE-2017-17448

net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnlcthelperlist data structure is shared across all net namespaces...

7.8CVSS6.8AI score0.00372EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2017/12/04 8:29 a.m.•46 views

CVE-2017-17121

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service memory access violation or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the...

7.8CVSS7AI score0.01702EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/11/03 12:0 a.m.•46 views

CVE-2017-16538

drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service general protection fault and system crash or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timin...

7.2CVSS6.7AI score0.00397EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2017/10/19 12:0 a.m.•46 views

CVE-2017-10355

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker...

5.3CVSS6.7AI score0.16181EPSS
Exploits2References6
UbuntuCve
UbuntuCve
•added 2017/10/18 12:0 a.m.•46 views

CVE-2017-10379

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

6.5CVSS6.9AI score0.0228EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/10/11 1:32 a.m.•46 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.1CVSS6.5AI score0.01485EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/09/11 9:29 a.m.•46 views

CVE-2017-14251

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code...

8.8CVSS7.5AI score0.02312EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2017/08/31 12:0 a.m.•46 views

CVE-2017-0899

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...

9.8CVSS6.9AI score0.1081EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2017/08/29 6:29 a.m.•46 views

CVE-2017-13733

There is an illegal address access in the fmtentry function in progs/dumpentry.c in ncurses 6.0 that might lead to a remote denial of service attack...

6.5CVSS6.9AI score0.02734EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/07/20 12:0 a.m.•46 views

CVE-2017-10089

Vulnerability in the Java SE component of Oracle Java SE subcomponent: ImageIO. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

9.6CVSS6.9AI score0.02415EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/07/20 12:0 a.m.•46 views

CVE-2017-10118

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

7.5CVSS6.8AI score0.02972EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/07/18 7:29 p.m.•46 views

CVE-2017-11421

gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename...

7.8CVSS7.3AI score0.00628EPSS
Exploits0References4
Total number of security vulnerabilities5000