Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2017/08/31 12:0 a.m.•46 views

CVE-2017-0899

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...

9.8CVSS6.9AI score0.1081EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2017/08/29 6:29 a.m.•46 views

CVE-2017-13733

There is an illegal address access in the fmtentry function in progs/dumpentry.c in ncurses 6.0 that might lead to a remote denial of service attack...

6.5CVSS6.9AI score0.02734EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/07/20 12:0 a.m.•46 views

CVE-2017-10089

Vulnerability in the Java SE component of Oracle Java SE subcomponent: ImageIO. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

9.6CVSS6.9AI score0.02415EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/07/20 12:0 a.m.•46 views

CVE-2017-10118

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

7.5CVSS6.8AI score0.02972EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/07/18 7:29 p.m.•46 views

CVE-2017-11421

gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename...

7.8CVSS7.3AI score0.00628EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/06/19 3:0 p.m.•46 views

CVE-2017-1000371

The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMINFINITY and 1 Gigabyte of memory is allocated the maximum under the 1/4 restriction then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimu...

7.8CVSS6.7AI score0.02428EPSS
Exploits6References2
UbuntuCve
UbuntuCve
•added 2017/06/14 12:0 a.m.•46 views

CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::readglyph function...

8.8CVSS6.9AI score0.01199EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2017/05/03 12:0 a.m.•46 views

CVE-2017-8379

Memory leak in the keyboard input event handlers support in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service host memory consumption by rapidly generating large keyboard events...

6.5CVSS6.8AI score0.00413EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/04/07 10:59 p.m.•46 views

CVE-2017-0550

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1...

7.1CVSS6.5AI score0.00712EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/04/07 10:59 p.m.•46 views

CVE-2017-0552

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1...

7.1CVSS6.5AI score0.00712EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/03/31 4:59 p.m.•46 views

CVE-2014-5009

Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008...

9.8CVSS7.5AI score0.04707EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/03/08 1:59 a.m.•46 views

CVE-2017-0528

An elevation of privilege vulnerability in the kernel security subsystem could enable a local malicious application to to execute code in the context of a privileged process. This issue is rated as High because it is a general bypass for a kernel level defense in depth or exploit mitigation...

9.3CVSS7.2AI score0.01823EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/01/18 12:0 a.m.•46 views

CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service NULL pointer dereference and system crash by using an AFALG socket with an incompatible algorithm, as demonstrated by mcryptdmd5...

5.5CVSS6.8AI score0.00434EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/01/04 12:0 a.m.•46 views

CVE-2016-9137

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curlfile.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during wakeup processing...

9.8CVSS7.1AI score0.05363EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2016/12/31 12:0 a.m.•46 views

CVE-2016-5552

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with...

5.3CVSS6.8AI score0.02729EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2016/12/13 10:59 p.m.•47 views

CVE-2016-2334

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...

9.3CVSS7.4AI score0.14742EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2016/10/05 12:0 a.m.•46 views

CVE-2016-7966

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign = or a space into the injected HTML, which greatly reduces the available HTML functionality...

7.5CVSS7.2AI score0.02345EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2016/07/25 12:0 a.m.•46 views

CVE-2016-6295

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impac...

9.8CVSS7.2AI score0.05417EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2016/07/25 12:0 a.m.•46 views

CVE-2016-6296

Integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...

9.8CVSS7.3AI score0.06271EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2016/07/18 2:0 p.m.•46 views

CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...

8.1CVSS6.9AI score0.50896EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2016/05/31 12:0 a.m.•46 views

CVE-2016-4450

os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file...

7.5CVSS7.1AI score0.16376EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/05/23 12:0 a.m.•46 views

CVE-2016-4486

The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message...

3.3CVSS6.8AI score0.0171EPSS
Exploits4References15
UbuntuCve
UbuntuCve
•added 2016/05/09 10:59 a.m.•46 views

CVE-2016-2459

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and...

5.5CVSS6.4AI score0.00414EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/05/02 12:0 a.m.•46 views

CVE-2016-2117

The atl2probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data...

7.5CVSS7.1AI score0.06386EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2016/03/31 12:0 a.m.•46 views

CVE-2016-3075

Stack-based buffer overflow in the nssdns implementation of the getnetbyname function in GNU C Library aka glibc before 2.24 allows context-dependent attackers to cause a denial of service stack consumption and application crash via a long name...

7.5CVSS7.3AI score0.07629EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/02/15 12:0 a.m.•46 views

CVE-2016-2384

Double free vulnerability in the sndusbmidicreate function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service panic or possibly have unspecified other impact via vectors involving an invalid USB descriptor...

4.9CVSS6.8AI score0.03723EPSS
Exploits10References12
UbuntuCve
UbuntuCve
•added 2015/12/28 12:0 a.m.•46 views

CVE-2015-7990

Race condition in the rdssendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerabili...

5.9CVSS6.5AI score0.00348EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2015/10/21 12:0 a.m.•46 views

CVE-2015-4844

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS6.8AI score0.07514EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/09/03 10:59 p.m.•46 views

CVE-2015-1296

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a...

5CVSS7.3AI score0.01472EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2015/08/31 12:0 a.m.•46 views

CVE-2015-6526

The perfcallchainuser64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service infinite loop via a deep 64-bit userspace backtrace...

4.9CVSS6.8AI score0.00393EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/07/16 12:0 a.m.•46 views

CVE-2015-4733

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

10CVSS6.3AI score0.05766EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2015/07/16 12:0 a.m.•46 views

CVE-2015-4760

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS6.3AI score0.07031EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2015/06/02 12:0 a.m.•46 views

CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

6.8CVSS7.1AI score0.15968EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2015/03/30 12:0 a.m.•46 views

CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service uninitialized memor...

7.5CVSS7.2AI score0.04648EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2015/02/02 4:59 p.m.•46 views

CVE-2014-8612

Multiple array index errors in the Stream Control Transmission Protocol SCTP module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to 1 gain privileges via the stream id to the setsockopt function, when setting the SCTIPSSVALUE option, or 2 read...

4.6CVSS6AI score0.00896EPSS
Exploits5References2
UbuntuCve
UbuntuCve
•added 2014/11/18 12:0 a.m.•46 views

CVE-2014-1421

mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors...

7.2CVSS5.9AI score0.00507EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2014/10/15 2:55 p.m.•46 views

CVE-2014-3681

Cross-site scripting XSS vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS7.3AI score0.02132EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2014/08/01 11:13 a.m.•46 views

CVE-2014-3534

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a...

7.2CVSS6.8AI score0.00469EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2014/07/22 12:0 a.m.•46 views

CVE-2014-1544

Use-after-free vulnerability in the CERTDestroyCertificate function in libnss3.so in Mozilla Network Security Services NSS 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger...

10CVSS7.3AI score0.06109EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2014/07/03 12:0 a.m.•46 views

CVE-2014-4656

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to 1 index values in the sndctladd function and 2 numid values in the...

4.6CVSS6.8AI score0.005EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2014/06/23 12:0 a.m.•46 views

CVE-2014-4508

arch/x86/kernel/entry32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service OOPS and system crash via an invalid syscall number, as demonstrated by number 1000...

4.7CVSS6.8AI score0.00413EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2014/05/19 2:55 p.m.•46 views

CVE-2014-3717

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service crash via a crafted kernel, which triggers a buffer overflow...

3.3CVSS6.2AI score0.00411EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2014/05/11 12:0 a.m.•46 views

CVE-2014-3144

The 1 BPFSANCNLATTR and 2 BPFSANCNLATTRNEST extension implementations in the skrunfilter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service integer underflow and...

4.9CVSS6.7AI score0.00602EPSS
Exploits1References15
UbuntuCve
UbuntuCve
•added 2014/05/08 10:55 a.m.•47 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS6.9AI score0.06516EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/04/26 12:0 a.m.•46 views

CVE-2014-0181

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...

2.1CVSS6.8AI score0.00538EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2014/04/24 2:55 p.m.•46 views

CVE-2014-2915

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service host or guest crash via unspecified vectors, related to 1 cache control, 2 coprocessors, 3 debug registers, and 4 other unspecified registers...

5.5CVSS5.9AI score0.00616EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/04/15 12:0 a.m.•46 views

CVE-2014-2421

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS7.1AI score0.06638EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/04/14 12:0 a.m.•46 views

CVE-2010-5298

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

4CVSS7AI score0.34132EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2014/01/18 12:0 a.m.•46 views

CVE-2014-1446

The yamioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAPNETADMIN capability for an SIOCYAMGCFG ioctl call...

1.9CVSS6.8AI score0.00649EPSS
Exploits1References13
UbuntuCve
UbuntuCve
•added 2013/09/16 1:2 p.m.•46 views

CVE-2013-4313

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...

7.5CVSS6AI score0.01206EPSS
Exploits0References3
Total number of security vulnerabilities5000