Lucene search
+L
UbuntucveMost viewed

71772 matches found

ubuntucve
ubuntucve
•added 2024/04/16 10:15 p.m.•44 views

CVE-2024-21012

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM...

3.7CVSS6.8AI score0.00902EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2024/04/15 6:15 a.m.•44 views

CVE-2024-32489

TCPDF before 6.7.4 mishandles calls that use HTML syntax...

6.1CVSS6.3AI score0.00582EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2024/04/03 3:15 p.m.•44 views

CVE-2024-26690

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in , write side of struct u64statssync must ensure mutual exclusion, or one seqcount update could be lost on 32-bit platforms, thus blocking...

6.5CVSS5.7AI score0.00709EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2024/03/25 12:0 a.m.•44 views

CVE-2021-47170

In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in...

5.5CVSS6.6AI score0.00235EPSS
Exploits0References6
ubuntucve
ubuntucve
•added 2024/03/05 11:15 p.m.•44 views

CVE-2023-45289

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

4.3CVSS6.7AI score0.0108EPSS
Exploits0References9
ubuntucve
ubuntucve
•added 2024/03/02 10:15 p.m.•44 views

CVE-2023-52528

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in smsc75xxreadreg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in smsc75xxwaitready...

5.5CVSS6.3AI score0.00228EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2024/02/28 9:15 a.m.•44 views

CVE-2021-47010

In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcpsetdefaultcongestioncontrol is netns-safe in that it writes to &net-ipv4.tcpcongestioncontrol, but it also sets ca-flags |= TCPCONGNONRESTRICTED which is...

7.8CVSS6.4AI score0.00257EPSS
Exploits0References8
ubuntucve
ubuntucve
•added 2024/02/26 12:0 a.m.•44 views

CVE-2024-26602

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sysmembarrier On some systems, sysmembarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to preve...

5.5CVSS6.3AI score0.00316EPSS
Exploits0References17
ubuntucve
ubuntucve
•added 2024/02/07 4:15 p.m.•44 views

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

6.1CVSS6.7AI score0.00706EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2024/01/24 12:15 a.m.•44 views

CVE-2024-23638

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...

6.5CVSS6.6AI score0.6005EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2024/01/18 4:15 p.m.•44 views

CVE-2024-0607

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nftbyteordereval function, where the code iterates through a loop and writes to the dst array. On each iteration, 8 bytes are written, but dst is an array of u32, so each element only has space for 4 bytes. That...

6.6CVSS6.7AI score0.00241EPSS
Exploits0References16
ubuntucve
ubuntucve
•added 2024/01/16 12:0 a.m.•44 views

CVE-2024-22362

Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service DoS condition...

7.5CVSS6.7AI score0.00791EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2024/01/08 2:15 p.m.•44 views

CVE-2024-21647

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an...

7.5CVSS6.6AI score0.00958EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2023/12/12 12:0 a.m.•44 views

CVE-2023-50495

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component ncwrapentry...

6.5CVSS6.8AI score0.00962EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2023/12/08 5:15 p.m.•44 views

CVE-2023-6606

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...

7.1CVSS6.7AI score0.00526EPSS
Exploits1References19
ubuntucve
ubuntucve
•added 2023/12/04 11:15 p.m.•44 views

CVE-2023-49288

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...

8.6CVSS7AI score0.04777EPSS
Exploits0References6
ubuntucve
ubuntucve
•added 2023/11/23 4:15 p.m.•44 views

CVE-2023-33202

Bouncy Castle for Java before 1.73 contains a potential Denial of Service DoS issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafte...

5.5CVSS6.8AI score0.00932EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2023/11/14 12:0 a.m.•44 views

CVE-2023-36558

ASP.NET Core Security Feature Bypass Vulnerability...

6.2CVSS6.8AI score0.01085EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2023/10/26 6:15 p.m.•44 views

CVE-2023-31419

A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...

7.5CVSS6.8AI score0.60679EPSS
Exploits4References3
ubuntucve
ubuntucve
•added 2023/10/25 12:0 a.m.•44 views

CVE-2023-31582

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less...

7.5CVSS6.9AI score0.00644EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2023/10/18 4:15 a.m.•44 views

CVE-2023-39331

A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...

7.7CVSS6.8AI score0.01325EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2023/09/28 12:0 a.m.•44 views

CVE-2023-42116

Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling o...

9.8CVSS7.6AI score0.03158EPSS
Exploits2References4
ubuntucve
ubuntucve
•added 2023/09/27 3:19 p.m.•44 views

CVE-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

8.8CVSS7.3AI score0.03609EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2023/08/31 10:15 p.m.•44 views

CVE-2023-40569

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the progressivedecompress function. This issue is likely down to incorrect calculations of the nXSrc and nYSrc variables. This issue h...

9.8CVSS6.8AI score0.01106EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2023/08/22 7:16 p.m.•44 views

CVE-2022-45582

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the successurl parameter...

6.1CVSS6.3AI score0.00674EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2023/08/22 7:16 p.m.•44 views

CVE-2022-47007

An issue was discovered function stabdemanglev3arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks...

5.5CVSS6.8AI score0.00403EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2023/07/11 8:15 p.m.•44 views

CVE-2023-29406

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS6.8AI score0.01453EPSS
Exploits0References10
ubuntucve
ubuntucve
•added 2023/06/26 9:15 p.m.•44 views

CVE-2023-3422

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.00658EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2023/06/19 10:15 a.m.•44 views

CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...

5.5CVSS6.8AI score0.00185EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2023/05/31 8:15 p.m.•44 views

CVE-2022-48502

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfssetea in fs/ntfs3/xattr.c...

7.1CVSS6.8AI score0.00545EPSS
Exploits1References11
ubuntucve
ubuntucve
•added 2023/05/15 10:15 p.m.•44 views

CVE-2023-2124

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8CVSS6.7AI score0.00491EPSS
Exploits1References20
ubuntucve
ubuntucve
•added 2023/05/10 2:15 p.m.•44 views

CVE-2023-28410

Improper restriction of operations within the bounds of a memory buffer in some IntelR i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access...

8.8CVSS6.6AI score0.00262EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2023/05/09 12:0 a.m.•44 views

CVE-2023-2283

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

6.5CVSS6.6AI score0.01061EPSS
Exploits2References3
ubuntucve
ubuntucve
•added 2023/04/29 12:15 a.m.•44 views

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References10
ubuntucve
ubuntucve
•added 2023/04/20 12:0 a.m.•44 views

CVE-2023-2176

A vulnerability was found in comparenetdevandip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege...

7.8CVSS6.7AI score0.0024EPSS
Exploits0References9
ubuntucve
ubuntucve
•added 2023/04/01 5:15 a.m.•44 views

CVE-2023-0189

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

8.8CVSS7.1AI score0.00273EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2023/03/30 5:15 a.m.•44 views

CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

5.3CVSS6.8AI score0.01695EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2023/03/24 8:15 p.m.•44 views

CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

7.5CVSS7.3AI score0.00817EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2023/03/06 9:15 p.m.•44 views

CVE-2023-1161

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file...

7.1CVSS6.8AI score0.00649EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2023/03/02 12:0 a.m.•44 views

CVE-2023-1078

A flaw was found in the Linux Kernel in RDS Reliable Datagram Sockets protocol. The rdsrmzerocopycallback uses listentry on the head of a list causing a type confusion. Local user can trigger this with rdsmessageput. Type confusion leads to struct rdsmsgzcopyinfo info actually points to something...

7.8CVSS6.7AI score0.00251EPSS
Exploits0References17
ubuntucve
ubuntucve
•added 2023/02/28 8:15 p.m.•44 views

CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

9.8CVSS7.3AI score0.99637EPSS
Exploits23References9
ubuntucve
ubuntucve
•added 2023/02/28 12:0 a.m.•44 views

CVE-2023-1075

A flaw was found in the Linux Kernel. The tlsistxready incorrectly checks for list emptiness, potentially accessing a type confused entry to the listhead, leaking the last byte of the confused field that overlaps with rec-txready...

3.3CVSS6.7AI score0.00217EPSS
Exploits0References18
ubuntucve
ubuntucve
•added 2023/02/16 10:15 p.m.•44 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.7AI score0.00594EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2023/02/15 12:0 a.m.•44 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5CVSS6.8AI score0.00861EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2023/02/03 6:15 p.m.•44 views

CVE-2023-23088

Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the jsonvalueparse function...

9.8CVSS7.5AI score0.00998EPSS
Exploits1References1
ubuntucve
ubuntucve
•added 2023/02/03 6:15 a.m.•44 views

CVE-2023-25139

sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a...

9.8CVSS7.3AI score0.01423EPSS
Exploits1References1
ubuntucve
ubuntucve
•added 2023/01/31 4:15 p.m.•44 views

CVE-2022-28331

On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in aprsocketsendv. This is a result of integer overflow...

9.8CVSS7.4AI score0.01575EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2023/01/18 12:0 a.m.•44 views

CVE-2023-23606

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 109...

8.8CVSS7.2AI score0.00521EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2023/01/12 4:15 a.m.•44 views

CVE-2022-4345

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file...

6.5CVSS6.8AI score0.00675EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2023/01/07 8:15 p.m.•44 views

CVE-2020-36646

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::DateFromSeconds1970Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading...

7.5CVSS5.3AI score0.01177EPSS
Exploits0References8
Total number of security vulnerabilities5000