Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2019/08/22 8:15 p.m.•115 views

CVE-2019-13139

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...

8.4CVSS7.3AI score0.02025EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2015/02/03 4:59 p.m.•115 views

CVE-2015-1381

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service segmentation fault or memory consumption via unspecified vectors...

5CVSS7.1AI score0.02775EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/04/16 6:15 a.m.•114 views

CVE-2024-22262

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

8.1CVSS6.7AI score0.01191EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2022/12/27 10:15 p.m.•114 views

CVE-2022-3064

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

7.5CVSS6.7AI score0.017EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/05/24 12:0 a.m.•114 views

CVE-2017-7494

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it...

10CVSS7.7AI score0.99448EPSS
Exploits24References5
UbuntuCve
UbuntuCve
•added 2023/06/14 9:15 p.m.•113 views

CVE-2023-26965

loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image...

5.5CVSS6.8AI score0.00376EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/05/15 3:15 p.m.•113 views

CVE-2023-31620

An issue in the dvcompare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS7.1AI score0.00905EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/12/12 1:15 p.m.•113 views

CVE-2022-3509

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...

7.5CVSS6.7AI score0.00567EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2021/12/20 12:0 a.m.•113 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7AI score0.82295EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2021/10/21 12:0 a.m.•113 views

CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the...

7.8CVSS6.9AI score0.01337EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/07/03 9:15 p.m.•112 views

CVE-2023-36377

Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files...

7.8CVSS7.4AI score0.003EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/06/25 6:15 p.m.•112 views

CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

7.5CVSS6.8AI score0.01584EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/04/18 10:15 p.m.•112 views

CVE-2023-30608

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service DoS. This...

7.5CVSS6.7AI score0.0098EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/04/13 8:15 p.m.•112 views

CVE-2023-20863

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

6.5CVSS6.8AI score0.01122EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/12/21 12:0 a.m.•112 views

CVE-2022-43552

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

5.9CVSS6.7AI score0.02511EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/11/09 10:15 p.m.•112 views

CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability...

8.1CVSS6.9AI score0.02772EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/08/11 3:15 p.m.•112 views

CVE-2022-20369

In v4l2m2mquerybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid...

6.7CVSS7AI score0.00155EPSS
Exploits0References14
UbuntuCve
UbuntuCve
•added 2021/06/10 7:15 a.m.•112 views

CVE-2021-26691

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

9.8CVSS7.2AI score0.68067EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2023/10/17 8:15 p.m.•111 views

CVE-2023-45803

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

4.2CVSS6.6AI score0.00544EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2023/06/30 6:15 p.m.•111 views

CVE-2023-37360

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be realistic within enterprise security products...

6.1CVSS6.3AI score0.00362EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2023/04/11 9:15 p.m.•111 views

CVE-2023-26552

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS6.8AI score0.00645EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2016/09/26 3:59 p.m.•111 views

CVE-2016-7142

The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...

5.9CVSS6.3AI score0.0108EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2016/04/15 12:0 a.m.•111 views

CVE-2016-3961

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service guest OS crash by attempting to access a hugetlbfs mapped area...

5.5CVSS6.8AI score0.0051EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2024/04/17 12:0 a.m.•110 views

CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

7.3CVSS7AI score0.8833EPSS
Exploits16References4
UbuntuCve
UbuntuCve
•added 2023/10/13 12:15 p.m.•110 views

CVE-2023-39999

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4...

4.3CVSS6.3AI score0.01045EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2023/07/13 3:15 a.m.•110 views

CVE-2023-3424

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...

7.5CVSS6.9AI score0.00905EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2021/09/15 8:15 p.m.•110 views

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE...

5.3CVSS6.9AI score0.05326EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2022/01/06 11:15 p.m.•109 views

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8CVSS7AI score0.97795EPSS
Exploits14References7
UbuntuCve
UbuntuCve
•added 2021/07/07 12:15 p.m.•109 views

CVE-2021-22555

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...

8.3CVSS6.7AI score0.78684EPSS
Exploits21References6
UbuntuCve
UbuntuCve
•added 2021/05/04 1:30 p.m.•109 views

CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

9.8CVSS7.2AI score0.09251EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2020/06/01 4:15 p.m.•109 views

CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS7.2AI score0.02267EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2023/07/25 9:15 p.m.•108 views

CVE-2023-38500

TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...

6.1CVSS6.3AI score0.0043EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2023/01/18 12:0 a.m.•108 views

CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

7.8CVSS7.2AI score0.55367EPSS
Exploits20References4
UbuntuCve
UbuntuCve
•added 2022/06/08 1:15 p.m.•108 views

CVE-2022-1996

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...

9.3CVSS7.2AI score0.02737EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2023/06/01 1:15 a.m.•107 views

CVE-2023-2985

A use after free flaw was found in hfsplusputsuper in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem...

5.5CVSS6.7AI score0.002EPSS
Exploits0References15
UbuntuCve
UbuntuCve
•added 2021/11/02 9:15 p.m.•107 views

CVE-2021-37980

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows...

7.4CVSS7.1AI score0.01416EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2020/04/29 9:15 p.m.•107 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9CVSS6.8AI score0.8383EPSS
Exploits6References7
UbuntuCve
UbuntuCve
•added 2024/04/17 11:15 a.m.•106 views

CVE-2024-26847

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree...

5.1CVSS5.8AI score0.0024EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2023/08/11 12:0 a.m.•106 views

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

9.8CVSS7.1AI score0.00984EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2023/05/15 3:15 p.m.•106 views

CVE-2023-31612

An issue in the dfeqexplist component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS7.1AI score0.00905EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2020/04/29 10:15 p.m.•106 views

CVE-2020-11022

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9CVSS6.8AI score0.99019EPSS
Exploits7References7
UbuntuCve
UbuntuCve
•added 2019/08/29 1:15 a.m.•106 views

CVE-2019-11248

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...

8.2CVSS6.8AI score0.61139EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/09/05 6:29 a.m.•106 views

CVE-2017-14108

libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service CPU consumption via a file that begins with many '\0' characters...

7.1CVSS6.1AI score0.02234EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2015/01/08 12:0 a.m.•106 views

CVE-2015-0204

The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORTRSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

4.3CVSS7AI score0.98685EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2024/07/17 12:0 a.m.•105 views

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

5.3CVSS6.7AI score0.04134EPSS
Exploits3References2
UbuntuCve
UbuntuCve
•added 2023/08/08 12:0 a.m.•105 views

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability...

7.5CVSS7.3AI score0.15519EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2023/01/04 12:0 a.m.•105 views

CVE-2022-42856

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this iss...

8.8CVSS7.5AI score0.08523EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/02/09 12:0 a.m.•105 views

CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...

6.5CVSS6.8AI score0.00233EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/07/18 12:0 a.m.•105 views

CVE-2018-3058

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: MyISAM. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4.3CVSS6.7AI score0.02431EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/02/13 12:0 a.m.•104 views

CVE-2025-0927

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAPSYSADMIN in the initial user namespace. That includes delegated mounting...

6.9AI score
Exploits1References46
Total number of security vulnerabilities5000