Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/08/03 7:15 p.m.•44 views

CVE-2022-31175

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are...

5.8CVSS5.9AI score0.006EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/08/02 4:0 p.m.•44 views

CVE-2022-31606

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denia...

7.8CVSS7.1AI score0.00378EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/08/02 4:0 p.m.•44 views

CVE-2022-31607

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer nvidia.ko, where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure...

7.8CVSS7AI score0.00245EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/07/27 10:15 p.m.•44 views

CVE-2022-1872

Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page...

4.3CVSS6.3AI score0.00472EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/07/26 10:15 p.m.•44 views

CVE-2022-1499

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.3CVSS6.8AI score0.00648EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/14 9:15 p.m.•44 views

CVE-2022-32323

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660...

7.3CVSS7.1AI score0.00879EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/07/05 1:15 p.m.•44 views

CVE-2022-2304

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0...

7.8CVSS7.1AI score0.01408EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/07/04 9:15 p.m.•44 views

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nftseteleminit leading to a buffer overflow could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an...

7.8CVSS6.9AI score0.05496EPSS
Exploits10References15
UbuntuCve
UbuntuCve
•added 2022/07/01 10:15 p.m.•44 views

CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

6.5CVSS6.9AI score0.02551EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2022/06/28 1:15 p.m.•44 views

CVE-2021-40609

The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command...

5.5CVSS6.8AI score0.0062EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/06/23 12:0 a.m.•44 views

CVE-2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service DoS via unspecified vectors...

5.5CVSS6.4AI score0.01065EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/06/20 2:15 p.m.•44 views

CVE-2021-41682

There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecmacompareecmanondirectstrings in JerryScript 2.4.0...

7.8CVSS7.1AI score0.00727EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/06/19 12:15 p.m.•44 views

CVE-2022-2125

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

7.8CVSS7.1AI score0.01564EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/06/11 3:15 p.m.•44 views

CVE-2022-30780

Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service CPU consumption from stuck connections because connectionreadheadermore in connections.c has a typo that disrupts use of multiple read operations on large headers...

7.5CVSS7.1AI score0.56418EPSS
Exploits3References5
UbuntuCve
UbuntuCve
•added 2022/06/02 6:15 p.m.•44 views

CVE-2022-26944

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONASCHEMA.xtrabackuphistory table. NOTE:...

6.5CVSS6.6AI score0.00851EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/06/02 2:15 p.m.•44 views

CVE-2022-1462

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flushtoldisc function. This flaw allows a local user to crash the...

6.3CVSS6.7AI score0.00334EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/06/01 12:0 a.m.•44 views

CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

6.5CVSS6.7AI score0.0058EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/05/25 9:15 p.m.•44 views

CVE-2022-31620

In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan...

6.5CVSS6.6AI score0.01336EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/05/23 12:0 a.m.•44 views

CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...

8.8CVSS7.3AI score0.17103EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/05/18 8:15 p.m.•44 views

CVE-2022-1771

Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975...

5.5CVSS6.8AI score0.01172EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/05/12 12:0 a.m.•44 views

CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS6.9AI score0.12403EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/05/10 2:15 p.m.•44 views

CVE-2022-1621

Heap buffer overflow in vimstrncpy findword in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

7.8CVSS7.5AI score0.02303EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2022/05/09 5:15 p.m.•44 views

CVE-2022-27114

There is a vulnerability in htmldoc 1.9.16. In imageloadjpeg function image.cxx when it calls malloc,'img-width' and 'img-height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer...

5.5CVSS6.5AI score0.00917EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/05/04 12:0 a.m.•44 views

CVE-2022-29914

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.5CVSS6.9AI score0.0062EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/04/27 8:15 p.m.•44 views

CVE-2022-24735

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS7.2AI score0.02264EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2022/04/19 9:15 p.m.•44 views

CVE-2022-21414

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS6.6AI score0.01366EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/04/19 9:15 p.m.•44 views

CVE-2022-21435

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS6.6AI score0.0134EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/04/19 9:15 p.m.•44 views

CVE-2022-21485

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

2.9CVSS6.6AI score0.0175EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/04/19 9:15 p.m.•44 views

CVE-2022-21426

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.3CVSS6.8AI score0.03203EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/04/15 7:15 p.m.•44 views

CVE-2022-24851

LDAP Account Manager LAM is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...

8.1CVSS6.7AI score0.01086EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/04/05 1:15 p.m.•44 views

CVE-2022-26361

IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...

7.8CVSS6.7AI score0.00344EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/03/30 10:15 p.m.•44 views

CVE-2022-24790

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. Thi...

9.1CVSS6.6AI score0.0214EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/03/30 4:15 p.m.•44 views

CVE-2020-35501

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem...

3.6CVSS6.7AI score0.00236EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/03/30 6:15 a.m.•44 views

CVE-2022-28202

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...

6.1CVSS6.3AI score0.01161EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/18 2:15 p.m.•44 views

CVE-2022-24771

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...

7.5CVSS6.7AI score0.00717EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/03/16 4:15 p.m.•44 views

CVE-2022-24728

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

5.4CVSS6.7AI score0.0119EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/03/16 3:15 p.m.•44 views

CVE-2021-23165

A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdfprepareoutpages, in ps-pdf.cxx may lead to execute arbitrary code and denial of service...

10CVSS7.5AI score0.03291EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2022/03/11 6:15 p.m.•44 views

CVE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS7.1AI score0.01073EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/03/09 12:0 a.m.•44 views

CVE-2022-26382

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox 98...

4.3CVSS6.3AI score0.00493EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/03/06 12:0 a.m.•44 views

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus...

9.6CVSS7.1AI score0.02349EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/02/24 7:15 p.m.•44 views

CVE-2022-0545

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is...

7.8CVSS7.1AI score0.01164EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/02/15 4:15 p.m.•44 views

CVE-2022-24585

A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter...

5.4CVSS6AI score0.00753EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/02/15 2:15 p.m.•44 views

CVE-2022-24586

A stored cross-site scripting XSS vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters...

5.4CVSS6AI score0.00747EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/02/09 12:0 a.m.•44 views

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

6.5CVSS6.8AI score0.00644EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/01/22 2:15 a.m.•44 views

CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

6.1CVSS6.8AI score0.07936EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2022/01/19 12:15 p.m.•44 views

CVE-2022-21291

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5.3CVSS6.5AI score0.02896EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/01/13 12:0 a.m.•44 views

CVE-2022-22743

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

4.3CVSS6.8AI score0.00643EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/01/13 12:0 a.m.•44 views

CVE-2022-22751

Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with...

8.8CVSS7.2AI score0.0087EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/01/01 1:15 a.m.•44 views

CVE-2021-45930

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend called from QPainterPath::addPath and QPathClipper::intersect...

5.5CVSS6.3AI score0.01343EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2021/12/17 8:15 p.m.•44 views

CVE-2021-23450

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function...

9.8CVSS6.8AI score0.30367EPSS
Exploits1References8
Total number of security vulnerabilities5000