Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2021/10/27 1:15 a.m.•45 views

CVE-2011-4125

A untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...

10CVSS7.2AI score0.02235EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2021/09/16 3:15 p.m.•45 views

CVE-2021-39239

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

7.5CVSS7.2AI score0.04306EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/09/12 1:15 p.m.•45 views

CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS7.1AI score0.02457EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2021/09/08 3:15 p.m.•45 views

CVE-2021-30661

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...

8.8CVSS7.2AI score0.04528EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/09/08 3:15 p.m.•45 views

CVE-2021-30682

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information...

5.5CVSS6.8AI score0.01593EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2021/08/26 1:15 a.m.•45 views

CVE-2021-40145

gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

7.5CVSS6.7AI score0.02051EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2021/08/16 12:0 p.m.•45 views

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

8.8CVSS6.7AI score0.00413EPSS
Exploits1References11
UbuntuCve
UbuntuCve
•added 2021/08/16 12:0 a.m.•45 views

CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

9.3CVSS6.7AI score0.02524EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/08/10 3:15 p.m.•45 views

CVE-2021-38371

The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...

7.5CVSS7.1AI score0.01996EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/07/20 7:15 a.m.•45 views

CVE-2020-36430

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decodechars called from decodefont and processtext because the wrong integer data type is used for subtraction...

7.8CVSS7.3AI score0.01075EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/07/12 3:15 p.m.•45 views

CVE-2021-30639

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once ...

7.5CVSS6.9AI score0.06889EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2021/07/01 3:15 a.m.•45 views

CVE-2021-36085

The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...

3.3CVSS6.8AI score0.00453EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/06/10 11:15 p.m.•45 views

CVE-2021-26198

An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecmaderefbigint in ecma-helpers.c file...

6.5CVSS6.6AI score0.00856EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2021/06/09 2:15 a.m.•45 views

CVE-2021-28169

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3CVSS6.8AI score0.7848EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2021/06/08 11:15 a.m.•45 views

CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

7.5CVSS6.9AI score0.02342EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/06/02 4:15 p.m.•45 views

CVE-2009-0947

Multiple integer overflows in the 1 cdfreadpropertyinfo and 2 cdfreadsat functions in file before 5.02...

9.8CVSS7.2AI score0.0114EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2021/05/26 6:0 a.m.•45 views

CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client...

8.1CVSS7.3AI score0.60122EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2021/05/24 12:0 a.m.•45 views

CVE-2021-29256

. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0. Notes...

9CVSS7.6AI score0.0302EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2021/05/20 12:15 p.m.•45 views

CVE-2020-15522

Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

5.9CVSS6.8AI score0.01522EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/05/11 5:0 p.m.•45 views

CVE-2021-3489

The eBPF RINGBUF bpfringbufreserve function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee "bp...

7.8CVSS7AI score0.0055EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2021/05/10 2:15 p.m.•45 views

CVE-2021-32056

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall...

4.3CVSS6.3AI score0.017EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2021/05/04 1:30 p.m.•45 views

CVE-2020-28020

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction...

9.8CVSS7.4AI score0.07944EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/04/22 12:0 a.m.•45 views

CVE-2021-2160

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS6.6AI score0.0111EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2021/04/22 12:0 a.m.•45 views

CVE-2021-2161

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...

5.9CVSS6.8AI score0.03125EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2021/04/19 7:15 p.m.•45 views

CVE-2021-31260

The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service NULL pointer dereference via a crafted file in the MP4Box command...

5.5CVSS6.8AI score0.00872EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2021/04/01 3:15 p.m.•45 views

CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame...

7.8CVSS6.9AI score0.53861EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2021/04/01 2:15 p.m.•45 views

CVE-2021-20296

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availabili...

5.3CVSS6.8AI score0.01747EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/03/25 7:15 p.m.•45 views

CVE-2021-3443

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened...

5.5CVSS6.4AI score0.00762EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2021/03/09 7:15 p.m.•45 views

CVE-2021-20245

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability...

7.1CVSS6.4AI score0.01205EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/03/07 5:15 a.m.•45 views

CVE-2021-27365

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGESIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum leng...

7.8CVSS6.8AI score0.02079EPSS
Exploits1References11
UbuntuCve
UbuntuCve
•added 2021/02/17 12:0 a.m.•45 views

CVE-2021-26931

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests such as out of memory conditions, it isn'...

5.5CVSS6.8AI score0.00544EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2020/12/17 7:15 p.m.•45 views

CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...

8.1CVSS6.9AI score0.07694EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2020/12/02 1:15 a.m.•45 views

CVE-2020-25704

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERFEVENTIOCSETFILTER. A local user could use this flaw to starve the resources causing denial of service...

5.5CVSS6.7AI score0.00348EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2020/11/30 12:0 a.m.•45 views

CVE-2020-27815

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well a...

7.8CVSS6.7AI score0.00788EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2020/11/20 6:15 p.m.•45 views

CVE-2020-28974

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KDFONTOPCOPY in drivers/tty/vt/vt.c can be used for manipulations such as font height...

6.1CVSS6.7AI score0.00511EPSS
Exploits1References11
UbuntuCve
UbuntuCve
•added 2020/11/19 2:15 a.m.•45 views

CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret aka shared secret...

9.8CVSS6.9AI score0.30921EPSS
Exploits3References5
UbuntuCve
UbuntuCve
•added 2020/11/12 2:15 p.m.•45 views

CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

7.5CVSS6.7AI score0.01631EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2020/11/10 6:0 p.m.•45 views

CVE-2020-8695

Observable discrepancy in the RAPL interface for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access...

5.5CVSS6.7AI score0.00414EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2020/11/06 8:15 a.m.•45 views

CVE-2020-26892

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...

9.8CVSS7.2AI score0.02054EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2020/10/22 5:15 p.m.•45 views

CVE-2020-7020

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...

3.5CVSS6.6AI score0.00999EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2020/08/25 6:15 p.m.•45 views

CVE-2020-24616

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

8.1CVSS7.1AI score0.09422EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2020/08/17 5:15 p.m.•45 views

CVE-2020-24370

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31...

5.3CVSS6.8AI score0.03833EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2020/08/13 7:15 p.m.•45 views

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

7.8CVSS7.1AI score0.00817EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2020/08/11 8:15 p.m.•45 views

CVE-2020-0256

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.2CVSS6.8AI score0.00214EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/07/29 5:0 p.m.•45 views

CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2CVSS7.5AI score0.01068EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2020/07/22 5:15 p.m.•45 views

CVE-2020-6514

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...

6.5CVSS6.9AI score0.0779EPSS
Exploits6References4
UbuntuCve
UbuntuCve
•added 2020/06/10 10:15 p.m.•45 views

CVE-2020-13900

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janussdppreparse in sdp.c has a NULL pointer dereference...

7.5CVSS7.1AI score0.02367EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2020/06/02 2:15 p.m.•45 views

CVE-2020-13754

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation...

6.7CVSS6.8AI score0.00421EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2020/04/30 11:15 p.m.•45 views

CVE-2020-11027

In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously...

8.1CVSS7AI score0.13625EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2020/04/30 5:15 p.m.•45 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...

6.5CVSS7.1AI score0.86063EPSS
Exploits17References7
Total number of security vulnerabilities5000