Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2023/10/26 6:15 p.m.•44 views

CVE-2023-31419

A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...

7.5CVSS6.8AI score0.60679EPSS
Exploits4References3
UbuntuCve
UbuntuCve
•added 2023/10/18 4:15 a.m.•44 views

CVE-2023-39331

A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...

7.7CVSS6.8AI score0.01325EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/09/28 12:0 a.m.•44 views

CVE-2023-42116

Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling o...

9.8CVSS7.6AI score0.03158EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2023/09/27 3:19 p.m.•44 views

CVE-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

8.8CVSS7.3AI score0.03609EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/08/31 10:15 p.m.•44 views

CVE-2023-40569

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the progressivedecompress function. This issue is likely down to incorrect calculations of the nXSrc and nYSrc variables. This issue h...

9.8CVSS6.8AI score0.01106EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/08/22 7:16 p.m.•44 views

CVE-2022-47007

An issue was discovered function stabdemanglev3arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks...

5.5CVSS6.8AI score0.00403EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/08/22 7:16 p.m.•44 views

CVE-2022-45582

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the successurl parameter...

6.1CVSS6.3AI score0.00674EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/08/22 7:16 p.m.•44 views

CVE-2020-35342

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4xprintcond file opcodes/tic4x-dis.c which could allow attackers to make an information leak...

7.5CVSS6.6AI score0.00659EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2023/07/11 8:15 p.m.•44 views

CVE-2023-29406

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS6.8AI score0.01453EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2023/06/19 10:15 a.m.•44 views

CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...

5.5CVSS6.8AI score0.00185EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/05/31 8:15 p.m.•44 views

CVE-2022-48502

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfssetea in fs/ntfs3/xattr.c...

7.1CVSS6.8AI score0.00545EPSS
Exploits1References11
UbuntuCve
UbuntuCve
•added 2023/05/10 2:15 p.m.•44 views

CVE-2023-28410

Improper restriction of operations within the bounds of a memory buffer in some IntelR i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access...

8.8CVSS6.6AI score0.00262EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/04/29 12:15 a.m.•44 views

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2023/04/20 12:0 a.m.•44 views

CVE-2023-2176

A vulnerability was found in comparenetdevandip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege...

7.8CVSS6.7AI score0.0024EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2023/04/01 5:15 a.m.•44 views

CVE-2023-0189

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering...

8.8CVSS7.1AI score0.00273EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/03/30 5:15 a.m.•44 views

CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

5.3CVSS6.8AI score0.01695EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/03/24 8:15 p.m.•44 views

CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

7.5CVSS7.3AI score0.00817EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/03/06 9:15 p.m.•44 views

CVE-2023-1161

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file...

7.1CVSS6.8AI score0.00649EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/02/28 8:15 p.m.•44 views

CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

9.8CVSS7.3AI score0.99637EPSS
Exploits23References9
UbuntuCve
UbuntuCve
•added 2023/02/16 10:15 p.m.•44 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.7AI score0.00594EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/02/15 12:0 a.m.•44 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

6.5CVSS6.8AI score0.00861EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/02/03 6:15 p.m.•44 views

CVE-2023-23088

Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the jsonvalueparse function...

9.8CVSS7.5AI score0.00998EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2023/02/03 6:15 a.m.•44 views

CVE-2023-25139

sprintf in the GNU C Library glibc 2.37 has a buffer overflow out-of-bounds write in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a...

9.8CVSS7.3AI score0.01423EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2023/01/18 12:0 a.m.•44 views

CVE-2023-23606

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 109...

8.8CVSS7.2AI score0.00521EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/01/12 4:15 a.m.•44 views

CVE-2022-4345

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file...

6.5CVSS6.8AI score0.00675EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/01/07 8:15 p.m.•44 views

CVE-2020-36646

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::DateFromSeconds1970Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading...

7.5CVSS5.3AI score0.01177EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2023/01/05 4:15 p.m.•44 views

CVE-2022-47662

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault /stack overflow due to infinite recursion in MediaGetSample isomedia/media.c:662...

5.5CVSS6.8AI score0.00308EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/01/05 12:0 a.m.•44 views

CVE-2023-22622

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation gui...

5.3CVSS6.2AI score0.01659EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2023/01/04 12:0 a.m.•44 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy...

5.5CVSS6.8AI score0.00197EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2023/01/02 11:15 p.m.•44 views

CVE-2022-0337

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. Chrome security severity: High...

6.5CVSS6.8AI score0.01266EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2022/12/18 6:15 a.m.•44 views

CVE-2022-47520

An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network RSN information element from a Netlink packet...

7.1CVSS6.8AI score0.00307EPSS
Exploits0References20
UbuntuCve
UbuntuCve
•added 2022/12/16 4:15 p.m.•44 views

CVE-2022-20567

In pppol2tpcreate of l2tpppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.4CVSS7AI score0.0011EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/12/09 6:15 p.m.•44 views

CVE-2022-23482

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contain a Out of Bound Read in xrdpsecprocessmcsdataCSCORE function. There are no known workarounds for this issue. Users are advised to upgrade...

9.1CVSS6.9AI score0.00729EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/12/05 7:15 p.m.•44 views

CVE-2022-43515

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...

9.8CVSS6.8AI score0.01207EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/11/08 11:15 p.m.•44 views

CVE-2022-39328

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patche...

9.8CVSS7.2AI score0.00922EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/11/01 8:15 p.m.•44 views

CVE-2022-42823

A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.3AI score0.0141EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2022/10/21 8:15 p.m.•44 views

CVE-2022-3649

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfsnewinode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch t...

7CVSS6.2AI score0.00758EPSS
Exploits0References27
UbuntuCve
UbuntuCve
•added 2022/10/20 8:15 p.m.•44 views

CVE-2022-3620

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarcdnslookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...

9.8CVSS6AI score0.00734EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/10/17 7:15 p.m.•44 views

CVE-2022-3564

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2capreassemblesdu of the file net/bluetooth/l2capcore.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The...

7.1CVSS6.5AI score0.0129EPSS
Exploits0References16
UbuntuCve
UbuntuCve
•added 2022/10/16 10:15 a.m.•44 views

CVE-2022-3524

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6renewoptions of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this...

5.5CVSS5.8AI score0.00733EPSS
Exploits0References17
UbuntuCve
UbuntuCve
•added 2022/10/14 3:15 p.m.•44 views

CVE-2022-32149

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5CVSS6.8AI score0.01428EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/10/12 8:15 p.m.•44 views

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...

9.8CVSS6.8AI score0.02601EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/10/06 6:16 p.m.•44 views

CVE-2022-39237

syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

9.8CVSS6.5AI score0.00477EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/09/30 12:0 a.m.•44 views

CVE-2022-41848

drivers/char/pcmcia/synclinkcs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpcioctl and mgslpcdetach...

4.2CVSS6.7AI score0.0025EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•44 views

CVE-2022-3057

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS6.8AI score0.00515EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•44 views

CVE-2022-2859

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions...

8.8CVSS7.3AI score0.00772EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/23 7:15 p.m.•44 views

CVE-2022-22610

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution...

8.8CVSS7.2AI score0.01006EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/09/23 12:0 a.m.•44 views

CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup...

7.8CVSS7.3AI score0.00481EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/09/21 12:0 a.m.•44 views

CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash...

7.5CVSS7.1AI score0.01555EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/09/20 8:15 p.m.•44 views

CVE-2022-40008

SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c...

9.8CVSS7.2AI score0.00988EPSS
Exploits1References2
Total number of security vulnerabilities5000