Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2014/06/04 2:55 p.m.•45 views

CVE-2014-3834

ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to 1 access the contacts of other users via the address book or 2 rename files via unspecified vectors...

7.5CVSS5.9AI score0.01397EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/05/26 12:0 a.m.•45 views

CVE-2012-6647

The futexwaitrequeuepi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted...

4.9CVSS6.5AI score0.00381EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2014/05/19 2:55 p.m.•45 views

CVE-2014-3716

Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service crash via an unspecified field in a DTB header in a 32-bit guest kernel...

1.9CVSS5.8AI score0.00388EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2014/04/27 8:55 p.m.•45 views

CVE-2013-6887

OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors...

6.4CVSS7.2AI score0.02236EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/04/23 12:0 a.m.•45 views

CVE-2014-2894

Off-by-one error in the cmdsmart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption...

7.2CVSS7AI score0.00386EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2014/04/15 12:0 a.m.•45 views

CVE-2014-2412

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451...

7.5CVSS7.1AI score0.04976EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/04/15 12:0 a.m.•45 views

CVE-2014-0446

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

7.5CVSS7.1AI score0.05603EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/04/01 12:0 a.m.•45 views

CVE-2014-2678

The rdsiwladdrcheck function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports...

4.7CVSS6.5AI score0.00403EPSS
Exploits1References10
UbuntuCve
UbuntuCve
•added 2014/03/26 12:0 a.m.•45 views

CVE-2014-0055

The getrxbufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux RHEL 6 does not properly handle vhostgetvqdesc errors, which allows guest OS users to cause a denial of service host OS crash via unspecified...

5.5CVSS6.5AI score0.0062EPSS
Exploits1References8
UbuntuCve
UbuntuCve
•added 2014/02/05 6:55 p.m.•45 views

CVE-2013-1880

Cross-site scripting XSS vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092...

4.3CVSS7AI score0.05895EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2014/01/15 12:0 a.m.•45 views

CVE-2014-0373

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on...

7.5CVSS6.4AI score0.04234EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2013/12/09 4:36 p.m.•45 views

CVE-2013-7023

The ffcombineframe function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted data...

6.8CVSS5.9AI score0.01637EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2013/12/07 12:55 a.m.•45 views

CVE-2013-6417

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4CVSS5.9AI score0.02371EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/12/07 12:55 a.m.•45 views

CVE-2013-6415

Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

4.3CVSS6AI score0.03171EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/10/16 12:0 a.m.•45 views

CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

7.1CVSS6.8AI score0.24738EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2013/09/30 12:0 a.m.•45 views

CVE-2013-4222

OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...

6.5CVSS5.9AI score0.01892EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2013/09/16 1:2 p.m.•45 views

CVE-2013-5674

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...

7.5CVSS5.9AI score0.02098EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2013/08/15 5:55 p.m.•45 views

CVE-2013-2023

Cross-site scripting XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than...

4.3CVSS6AI score0.02461EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/06/25 12:0 a.m.•45 views

CVE-2013-1697

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...

9.3CVSS7.4AI score0.03166EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•45 views

CVE-2013-2455

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different...

5CVSS6.9AI score0.04326EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2013/04/21 9:55 p.m.•45 views

CVE-2012-6092

Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...

4.3CVSS7AI score0.06018EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2013/04/17 12:0 a.m.•45 views

CVE-2013-2429

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

7.6CVSS6.8AI score0.05724EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2013/04/17 12:0 a.m.•45 views

CVE-2013-2420

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

10CVSS6.8AI score0.06917EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2013/03/15 12:0 a.m.•45 views

CVE-2013-2546

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAPNETADMIN capability...

2.1CVSS5.9AI score0.00386EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2013/03/07 12:0 a.m.•45 views

CVE-2012-6545

The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application...

1.9CVSS7AI score0.00368EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2013/02/20 12:0 a.m.•45 views

CVE-2013-1485

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries...

5CVSS7.2AI score0.0395EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2013/02/01 12:0 a.m.•45 views

CVE-2013-0434

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previou...

5CVSS7.2AI score0.04911EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2013/02/01 12:0 a.m.•45 views

CVE-2013-0426

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

10CVSS7.2AI score0.08087EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2012/10/16 12:0 a.m.•45 views

CVE-2012-1533

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...

10CVSS5.9AI score0.68532EPSS
Exploits4References3
UbuntuCve
UbuntuCve
•added 2012/08/10 10:34 a.m.•45 views

CVE-2012-3463

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formtaghelper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the selecttag helper...

4.3CVSS6AI score0.01306EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2012/06/22 2:55 p.m.•45 views

CVE-2012-2660

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS7AI score0.046EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2012/06/16 9:55 p.m.•45 views

CVE-2011-1473

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service CPU consumption by performing many renegotiations within a single connection, a...

5CVSS6.9AI score0.66422EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2012/06/06 12:0 a.m.•45 views

CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...

5CVSS7.2AI score0.02945EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2012/02/09 12:0 a.m.•45 views

CVE-2011-4086

The journalunmapbuffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the Delay and Unwritten buffer head states, which allows local users to cause a denial of service system crash by leveraging the presence of an ext4 filesystem that was mounted with ...

4.9CVSS5.9AI score0.00391EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2011/12/29 12:0 a.m.•45 views

CVE-2011-4885

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

5CVSS7.2AI score0.83911EPSS
Exploits15References5
UbuntuCve
UbuntuCve
•added 2011/12/23 12:0 a.m.•45 views

CVE-2011-4127

The Linux kernel before 3.2.2 does not properly restrict SGIO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to 1 a partition block device or 2 an LVM volume...

4.6CVSS6.2AI score0.00566EPSS
Exploits2References8
UbuntuCve
UbuntuCve
•added 2011/12/15 3:57 a.m.•45 views

CVE-2011-4339

ipmievd aka the IPMI event daemon in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux RHEL 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this fil...

3.6CVSS6AI score0.00434EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2011/11/19 3:58 a.m.•45 views

CVE-2011-4404

The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to...

5CVSS6AI score0.59726EPSS
Exploits7References1
UbuntuCve
UbuntuCve
•added 2011/06/22 12:0 a.m.•45 views

CVE-2011-1170

net/ipv4/netfilter/arptables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by...

2.1CVSS7AI score0.00407EPSS
Exploits2References11
UbuntuCve
UbuntuCve
•added 2011/06/14 12:0 a.m.•45 views

CVE-2011-0862

Multiple unspecified vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS7.2AI score0.06277EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2011/05/23 10:55 p.m.•45 views

CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

5.8CVSS5.9AI score0.33341EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2011/05/03 12:0 a.m.•45 views

CVE-2011-1495

drivers/scsi/mpt2sas/mpt2sasctl.c in the Linux kernel 2.6.38 and earlier does not validate 1 length and 2 offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service memory corruption, or obtain sensitive information from...

7.2CVSS6.3AI score0.00367EPSS
Exploits1References13
UbuntuCve
UbuntuCve
•added 2011/03/02 12:0 a.m.•45 views

CVE-2011-0051

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

6.8CVSS7.2AI score0.01823EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2011/02/17 12:0 a.m.•45 views

CVE-2010-4448

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors...

2.6CVSS7.2AI score0.02407EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2011/01/03 12:0 a.m.•45 views

CVE-2010-4668

The blkrqmapuseriov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service panic via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix f...

4.7CVSS5.9AI score0.00405EPSS
Exploits1References9
UbuntuCve
UbuntuCve
•added 2010/11/29 12:0 a.m.•45 views

CVE-2010-4073

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the 1 compatsyssemctl, 2 compatsysmsgctl, and 3 compatsysshmctl functions in...

1.9CVSS6.3AI score0.01542EPSS
Exploits8References10
UbuntuCve
UbuntuCve
•added 2010/10/23 12:0 a.m.•45 views

CVE-2010-4054

The gstype2interpret function in Ghostscript allows remote attackers to cause a denial of service incorrect pointer dereference and application crash via crafted font data in a compressed data stream, aka bug 691043...

4.3CVSS5.9AI score0.0266EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2010/10/20 12:0 a.m.•45 views

CVE-2010-3170

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL serve...

4.3CVSS7.2AI score0.01096EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2010/08/10 12:23 p.m.•45 views

CVE-2010-2493

The default configuration of the deployment descriptor aka web.xml in picketlink-sts.war in 1 the securitysaml quickstart, 2 the webserviceproxysecurity quickstart, 3 the web-console application, 4 the http-invoker application, 5 the gpd-deployer application, 6 the jbpm-console application, 7 the...

5CVSS6AI score0.01688EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2010/07/23 12:0 a.m.•45 views

CVE-2010-1213

The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Polic...

4.3CVSS7.2AI score0.00957EPSS
Exploits1References4
Total number of security vulnerabilities5000