Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/05/02 11:15 p.m.•45 views

CVE-2021-42532

XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file...

9.3CVSS7.2AI score0.036EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/04/22 2:15 p.m.•45 views

CVE-2022-27404

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfntinitface...

9.8CVSS7.1AI score0.02789EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/19 9:15 p.m.•45 views

CVE-2022-21465

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

6.7CVSS6.8AI score0.00358EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/04/18 5:15 p.m.•45 views

CVE-2021-42782

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library...

5.3CVSS6.9AI score0.02675EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/04/06 2:15 p.m.•45 views

CVE-2022-24793

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to...

7.5CVSS7.3AI score0.02108EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/04/05 1:15 a.m.•45 views

CVE-2022-0463

Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction...

8.8CVSS7AI score0.00685EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/03/30 12:15 p.m.•45 views

CVE-2022-1154

Use after free in utfptr2char in GitHub repository vim/vim prior to 8.2.4646...

7.8CVSS7.1AI score0.01462EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/03/21 8:36 a.m.•45 views

CVE-2022-23123

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of...

9.8CVSS6.4AI score0.03848EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/03/16 3:15 p.m.•45 views

CVE-2021-39714

In ionbufferkmapget of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS7.1AI score0.0022EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/03/16 3:15 p.m.•45 views

CVE-2022-26354

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...

3.2CVSS6.7AI score0.00391EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/14 11:15 a.m.•45 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

9.1CVSS7.3AI score0.41861EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/03/10 5:43 p.m.•45 views

CVE-2021-40049

There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization...

7.5CVSS7.1AI score0.00759EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/03/08 6:0 p.m.•45 views

CVE-2022-0002

Non-transparent sharing of branch predictor within a context in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

6.5CVSS6.7AI score0.00447EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2022/03/04 6:15 p.m.•45 views

CVE-2021-20302

A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability...

7.1CVSS6.8AI score0.00896EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/02 12:15 p.m.•45 views

CVE-2022-0829

Improper Authorization in GitHub repository webmin/webmin prior to 1.990...

8.1CVSS6.8AI score0.01275EPSS
Exploits4References3
UbuntuCve
UbuntuCve
•added 2022/02/23 2:15 p.m.•45 views

CVE-2022-0729

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440...

8.8CVSS7.1AI score0.01622EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/02/17 1:15 p.m.•45 views

CVE-2022-23318

A heap-buffer-overflow in pcf2bdf, versions = 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact...

7.1CVSS7AI score0.0079EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/02/11 12:0 a.m.•45 views

CVE-2022-22590

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.2AI score0.01451EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•45 views

CVE-2022-0529

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution...

5.5CVSS6.4AI score0.02421EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/01/28 10:15 p.m.•45 views

CVE-2022-0392

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2...

7.8CVSS6.9AI score0.01514EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/01/26 12:15 p.m.•45 views

CVE-2022-0359

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

7.8CVSS6.9AI score0.01339EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/01/20 10:15 p.m.•45 views

CVE-2021-46344

There is an Assertion 'flags & PARSERPATTERNHASRESTELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0...

5.5CVSS6.1AI score0.00621EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/01/19 12:15 p.m.•45 views

CVE-2022-21295

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.8CVSS6.6AI score0.00369EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/01/14 8:15 p.m.•45 views

CVE-2021-39633

In grehandleoffloads of ipgre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

5.5CVSS6.3AI score0.0018EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/01/10 2:12 p.m.•45 views

CVE-2022-22822

addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

9.8CVSS7AI score0.04829EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/01/06 2:15 p.m.•45 views

CVE-2021-44591

In libming 0.4.8, the parseSWFDEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file...

6.5CVSS6.6AI score0.01019EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/12/31 12:0 a.m.•45 views

CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

10CVSS7.2AI score0.0134EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2021/12/25 7:15 p.m.•45 views

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read...

7.1CVSS7.1AI score0.01586EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2021/12/13 12:0 a.m.•45 views

CVE-2021-4090

An out-of-bounds OOB memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmvalbmlen-1 in nfsd4decodebitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system...

7.1CVSS6.8AI score0.00339EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2021/12/08 12:0 a.m.•45 views

CVE-2021-43536

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5CVSS6.9AI score0.0167EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2021/12/08 12:0 a.m.•45 views

CVE-2021-43539

Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird 91.4.0, Firefox...

8.8CVSS7.2AI score0.0162EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2021/11/11 12:0 a.m.•45 views

CVE-2021-23222

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

5.9CVSS6.8AI score0.01501EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/10/27 1:15 a.m.•45 views

CVE-2011-4125

A untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...

10CVSS7.2AI score0.02235EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2021/10/05 9:15 a.m.•45 views

CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...

7.5CVSS7.3AI score0.24982EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/09/30 2:15 p.m.•45 views

CVE-2021-41720

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.9AI score
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/09/16 3:15 p.m.•45 views

CVE-2021-39239

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

7.5CVSS7.2AI score0.04306EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/09/15 12:0 a.m.•45 views

CVE-2021-3744

A memory leak flaw was found in the Linux kernel in the ccprunaesgcmcmd function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service memory consumption. This vulnerability is similar with the older CVE-2019-18808...

5.5CVSS6.7AI score0.00533EPSS
Exploits1References8
UbuntuCve
UbuntuCve
•added 2021/09/12 1:15 p.m.•45 views

CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS7.1AI score0.02457EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2021/09/08 3:15 p.m.•45 views

CVE-2021-30661

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...

8.8CVSS7.2AI score0.04528EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/09/08 3:15 p.m.•45 views

CVE-2021-30682

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information...

5.5CVSS6.8AI score0.01593EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2021/09/07 3:15 p.m.•45 views

CVE-2021-35266

In NTFS-3G versions 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution...

7.8CVSS7.1AI score0.00488EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/08/26 1:15 a.m.•45 views

CVE-2021-40145

gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

7.5CVSS6.7AI score0.02051EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2021/08/16 12:0 p.m.•45 views

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

8.8CVSS6.7AI score0.00413EPSS
Exploits1References11
UbuntuCve
UbuntuCve
•added 2021/08/16 12:0 a.m.•45 views

CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

9.3CVSS6.7AI score0.02524EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/08/10 3:15 p.m.•45 views

CVE-2021-38371

The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...

7.5CVSS7.1AI score0.01996EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/07/20 7:15 a.m.•45 views

CVE-2020-36430

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decodechars called from decodefont and processtext because the wrong integer data type is used for subtraction...

7.8CVSS7.3AI score0.01075EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/07/12 3:15 p.m.•45 views

CVE-2021-30639

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once ...

7.5CVSS6.9AI score0.06889EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2021/07/01 3:15 a.m.•45 views

CVE-2021-36085

The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...

3.3CVSS6.8AI score0.00453EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/06/23 10:15 p.m.•45 views

CVE-2021-21809

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities...

9.1CVSS7.4AI score0.24173EPSS
Exploits7References2
UbuntuCve
UbuntuCve
•added 2021/06/10 11:15 p.m.•45 views

CVE-2021-26198

An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecmaderefbigint in ecma-helpers.c file...

6.5CVSS6.6AI score0.00856EPSS
Exploits1References2
Total number of security vulnerabilities5000