Lucene search
K
UbuntucveMost viewed

68528 matches found

UbuntuCve
UbuntuCve
•added 2008/09/24 12:0 a.m.•45 views

CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS6.1AI score0.04996EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2008/08/06 6:41 p.m.•45 views

CVE-2008-2939

Cross-site scripting XSS vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxyftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory...

4.3CVSS7.2AI score0.38953EPSS
Exploits4References2
UbuntuCve
UbuntuCve
•added 2008/08/01 2:41 p.m.•45 views

CVE-2008-2935

Multiple heap-based buffer overflows in the rc4 1 encryption aka exsltCryptoRc4EncryptFunction and 2 decryption aka exsltCryptoRc4DecryptFunction functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...

7.5CVSS7.4AI score0.12789EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2008/06/24 7:41 p.m.•45 views

CVE-2008-2836

PHP remote file inclusion vulnerability in sendreminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483...

7.5CVSS6.2AI score0.03094EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2008/06/18 7:41 p.m.•45 views

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

4.3CVSS5.9AI score0.04376EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2008/04/09 9:5 p.m.•45 views

CVE-2007-0071

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer...

9.3CVSS7.7AI score0.92501EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2008/04/04 12:44 a.m.•45 views

CVE-2008-1373

Buffer overflow in the gifreadlzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large codesize value, a similar issue to CVE-2006-4484...

5.8CVSS7.2AI score0.02171EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2008/01/25 1:0 a.m.•45 views

CVE-2008-0456

CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...

2.6CVSS6AI score0.19036EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/12/21 10:46 p.m.•45 views

CVE-2007-6514

Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "" backslash, which is not handled by the intended AddType directive...

4.3CVSS6AI score0.38042EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2007/11/08 8:46 p.m.•45 views

CVE-2007-5896

Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service CPU consumption and crash via an iframe with Javascript that sets the document.location to contain a leading NULL byte \x00 and a 1 res://, 2 about:config, or 3 file:/// URI...

7.1CVSS6AI score0.01174EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2007/10/16 12:17 a.m.•45 views

CVE-2007-5471

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service daemon exit via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...

7.8CVSS6AI score0.02603EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2007/09/17 4:17 p.m.•45 views

CVE-2007-4904

RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 FC6 and possibly other platforms, allow user-assisted remote attackers to cause a denial of service application crash via a malformed .au file that triggers a divide-by-zero error...

4.3CVSS5.9AI score0.02787EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/08/28 1:17 a.m.•45 views

CVE-2007-4560

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."...

7.6CVSS6.1AI score0.83539EPSS
Exploits12References1
UbuntuCve
UbuntuCve
•added 2007/06/19 9:30 p.m.•45 views

CVE-2007-3280

The Database Link library dblink in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system...

9CVSS6.2AI score0.2613EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2007/06/06 1:30 a.m.•45 views

CVE-2007-3056

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

4.3CVSS5.9AI score0.01562EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2007/04/30 10:19 p.m.•45 views

CVE-2007-2353

Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message...

5CVSS5.9AI score0.27651EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/03/03 9:19 p.m.•45 views

CVE-2006-7105

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect...

9.8CVSS6.3AI score0.01735EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2007/01/29 5:28 p.m.•45 views

CVE-2007-0539

The wpremotefopen function in WordPress before 2.1 allows remote attackers to cause a denial of service bandwidth or thread consumption via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint...

7.8CVSS5.9AI score0.03384EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2006/09/28 6:7 p.m.•45 views

CVE-2006-2940

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...

7.8CVSS6.7AI score0.04903EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2006/07/27 7:4 p.m.•45 views

CVE-2006-3803

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used...

5.1CVSS6.4AI score0.04378EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2006/07/21 2:3 p.m.•45 views

CVE-2006-3630

Multiple off-by-one errors in Wireshark aka Ethereal 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the 1 NCP NMAS and 2 NDPS dissectors...

7.5CVSS5.9AI score0.01906EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2006/04/20 10:2 a.m.•45 views

CVE-2006-1056

The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the stat...

2.1CVSS5.9AI score0.00448EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2006/02/02 11:2 a.m.•45 views

CVE-2006-0527

BIND 4 BIND4 and BIND 8 BIND8, if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack...

7.5CVSS5.9AI score0.07999EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2006/01/18 1:7 a.m.•45 views

CVE-2006-0236

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an...

5.1CVSS6.3AI score0.02057EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2005/12/31 5:0 a.m.•45 views

CVE-2005-4351

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running...

4.3CVSS5.8AI score0.00426EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2005/09/16 10:3 p.m.•45 views

CVE-2005-2946

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature...

7.5CVSS7.3AI score0.00844EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2005/07/11 4:0 a.m.•45 views

CVE-2005-1768

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service kernel panic and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs...

3.7CVSS6.3AI score0.00482EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2005/05/02 4:0 a.m.•45 views

CVE-2005-0469

Buffer overflow in the slcaddreply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character SLC commands...

7.5CVSS7.7AI score0.08635EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2004/12/31 5:0 a.m.•45 views

CVE-2004-1189

The addtohistory function in svrprincipal.c in libkadm5srv for MIT Kerberos 5 krb5 up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow...

7.2CVSS7.5AI score0.00734EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2004/09/28 4:0 a.m.•45 views

CVE-2004-0642

Double free vulnerabilities in the error handling code for ASN.1 decoders in the 1 Key Distribution Center KDC library and 2 client library for MIT Kerberos 5 krb5 1.3.4 and earlier may allow remote attackers to execute arbitrary code...

7.5CVSS7.5AI score0.08257EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2004/06/01 4:0 a.m.•45 views

CVE-2004-0179

Multiple format string vulnerabilities in 1 neon 0.24.4 and earlier, and other products that use neon including 2 Cadaver, 3 Subversion, and 4 OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code...

6.8CVSS6AI score0.11056EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2024/11/11 8:15 p.m.•44 views

CVE-2024-51488

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any...

5.4CVSS5.8AI score0.00266EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2024/08/07 4:15 p.m.•44 views

CVE-2024-42240

In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entrySYSENTERcompat uses CLEARBRANCHHISTORY and calls the clearbhbloop before the TF flag...

5.5CVSS6.3AI score0.00219EPSS
Exploits0References34
UbuntuCve
UbuntuCve
•added 2024/07/23 6:15 p.m.•44 views

CVE-2024-41665

Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting XSS vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions...

5.5CVSS5.8AI score0.0046EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2024/07/12 1:15 p.m.•44 views

CVE-2024-40954

In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: attaching an fentry probe to sockrelease and the probe calling the bpfgetsocketcookie helper running traceroute -I...

7.8CVSS6.4AI score0.00255EPSS
Exploits0References20
UbuntuCve
UbuntuCve
•added 2024/06/28 7:15 p.m.•44 views

CVE-2024-27629

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used...

7.8CVSS6AI score0.00206EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/05/30 4:15 p.m.•44 views

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcountincnotzero in tcptwskunique. Anderson Nascimento reported a use-after-free splat in tcptwskunique with nice analysis. Since commit ec94c2696f0b "tcp/dccp: avoid one atomic operation for timewait hashdance",...

7.8CVSS6.4AI score0.00614EPSS
Exploits0References28
UbuntuCve
UbuntuCve
•added 2024/05/22 12:0 a.m.•44 views

CVE-2024-5157

Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.6AI score0.00772EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2024/05/19 9:15 a.m.•44 views

CVE-2024-35875

In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...

5.5CVSS6.3AI score0.00235EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2024/05/17 3:15 p.m.•44 views

CVE-2023-52685

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.5AI score
Exploits0References18
UbuntuCve
UbuntuCve
•added 2024/05/17 2:15 p.m.•44 views

CVE-2024-35811

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmfcfg80211detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm80211 driver,it starts with the following invoking chain to star...

5.5CVSS6.3AI score0.00233EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2024/04/17 11:15 a.m.•44 views

CVE-2024-26872

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srptrefreshport. This seems to be because an event handler is registered before the srpt devic...

7CVSS6.3AI score0.00235EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2024/04/16 10:15 p.m.•44 views

CVE-2024-21012

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM...

3.7CVSS6.8AI score0.00902EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2024/04/15 6:15 a.m.•44 views

CVE-2024-32489

TCPDF before 6.7.4 mishandles calls that use HTML syntax...

6.1CVSS6.3AI score0.00582EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2024/04/03 3:15 p.m.•44 views

CVE-2024-26690

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in , write side of struct u64statssync must ensure mutual exclusion, or one seqcount update could be lost on 32-bit platforms, thus blocking...

6.5CVSS5.7AI score0.00709EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2024/03/26 8:15 p.m.•44 views

CVE-2024-2955

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file...

7.8CVSS6.8AI score0.01403EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2024/03/09 1:15 a.m.•44 views

CVE-2024-28176

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...

5.9CVSS6.6AI score0.02085EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2024/03/05 11:15 p.m.•44 views

CVE-2023-45289

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

4.3CVSS6.7AI score0.0108EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2024/03/02 10:15 p.m.•44 views

CVE-2023-52528

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in smsc75xxreadreg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in smsc75xxwaitready...

5.5CVSS6.3AI score0.00228EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2024/02/28 9:15 a.m.•44 views

CVE-2021-47010

In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcpsetdefaultcongestioncontrol is netns-safe in that it writes to &net-ipv4.tcpcongestioncontrol, but it also sets ca-flags |= TCPCONGNONRESTRICTED which is...

7.8CVSS6.4AI score0.00257EPSS
Exploits0References8
Total number of security vulnerabilities5000