Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2019/04/18 12:0 a.m.•44 views

CVE-2019-11324

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...

7.5CVSS6.8AI score0.02836EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2019/04/10 3:29 p.m.•44 views

CVE-2019-0199

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servle...

7.5CVSS6.8AI score0.72855EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2019/03/26 6:29 p.m.•44 views

CVE-2019-3851

A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page...

4.3CVSS5.7AI score0.00883EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2019/03/07 11:29 p.m.•44 views

CVE-2018-16808

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...

6.1CVSS6.7AI score0.0098EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/02/26 2:29 a.m.•44 views

CVE-2009-5155

In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

7.5CVSS6.7AI score0.03906EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/02/22 12:0 a.m.•44 views

CVE-2019-9021

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...

9.8CVSS6.9AI score0.10059EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2019/02/21 12:0 a.m.•44 views

CVE-2018-20783

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to pharparsepharfile in...

7.5CVSS7AI score0.0566EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2019/02/10 10:29 p.m.•44 views

CVE-2019-7702

A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as...

6.5CVSS6.6AI score0.0115EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2019/01/25 12:0 a.m.•44 views

CVE-2019-3819

A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...

4.9CVSS6.6AI score0.00457EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2019/01/09 12:0 a.m.•44 views

CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...

7.5CVSS7.1AI score0.04651EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2018/12/31 7:29 p.m.•44 views

CVE-2018-6334

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch 3.25.1, 3.24.5, and 3.21.9 and below...

9.8CVSS7.2AI score0.01913EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/12/31 12:0 a.m.•44 views

CVE-2018-25012

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24...

9.1CVSS7.3AI score0.02051EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/12/17 12:0 a.m.•44 views

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c...

7.2CVSS6.7AI score0.00586EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2018/12/11 12:0 a.m.•44 views

CVE-2018-20060

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...

9.8CVSS6.8AI score0.04488EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/11/21 12:0 a.m.•44 views

CVE-2018-19409

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used...

9.8CVSS7.1AI score0.07825EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/11/07 5:29 a.m.•44 views

CVE-2018-19052

An issue was discovered in modaliasphysicalhandler in modalias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific modalias configuration where the matched alias lacks a trailing '/' character, but the alias target...

7.5CVSS6.9AI score0.1408EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2018/10/23 5:29 p.m.•44 views

CVE-2018-18605

A heap-based buffer over-read issue was discovered in the function secmergehashlookup in merge.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31, because bfdaddmergesection mishandles section merges when size is not a multiple of entsize. A specially...

5.5CVSS6.9AI score0.0232EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2018/09/25 5:0 p.m.•44 views

CVE-2018-14634

An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable...

7.8CVSS7.2AI score0.14806EPSS
Exploits6References6
UbuntuCve
UbuntuCve
•added 2018/09/13 7:29 p.m.•44 views

CVE-2018-17019

In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc...

7.5CVSS7.1AI score0.01399EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/09/04 12:29 a.m.•44 views

CVE-2018-16430

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTORzipextractmethod in zipextractor.c...

8.8CVSS7.2AI score0.02646EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2018/08/27 12:0 a.m.•44 views

CVE-2018-10938

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipsov4optptr function in net/ipv4/cipsoipv4.c leading to a denial-of-service. A certain non-default...

7.1CVSS6.7AI score0.04997EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2018/08/14 12:29 p.m.•44 views

CVE-2016-4975

Possible CRLF injection allowing HTTP response splitting attacks for sites which use moduserdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 Affected...

6.1CVSS6.6AI score0.19798EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2018/07/18 1:29 p.m.•44 views

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

7.2CVSS6.7AI score0.01005EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/06/26 4:29 p.m.•44 views

CVE-2017-7657

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...

9.8CVSS7.1AI score0.16154EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2018/06/08 6:29 p.m.•44 views

CVE-2018-4204

An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit"...

8.8CVSS7.5AI score0.03236EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2018/05/09 12:0 a.m.•44 views

CVE-2018-10940

The cdromioctlmediachanged function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROMMEDIACHANGED ioctl to read out kernel memory...

5.5CVSS6.8AI score0.0054EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2018/04/19 5:29 p.m.•44 views

CVE-2018-9861

Cross-site scripting XSS vulnerability in the Enhanced Image aka image2 plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...

6.1CVSS6.8AI score0.0178EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2018/04/18 12:29 a.m.•44 views

CVE-2018-8734

SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter...

9.8CVSS7.5AI score0.53247EPSS
Exploits9References4
UbuntuCve
UbuntuCve
•added 2018/04/18 12:0 a.m.•44 views

CVE-2018-2797

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

5.3CVSS6.2AI score0.078EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2018/04/11 1:29 p.m.•44 views

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS7.5AI score0.57632EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2018/04/03 12:0 a.m.•44 views

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7.5CVSS7AI score0.07825EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2018/04/01 12:0 a.m.•44 views

CVE-2018-1094

The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service ext4xattrinodehash NULL pointer dereference and system crash via a crafted ext4 image...

7.1CVSS6.7AI score0.02128EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2018/03/16 5:29 p.m.•44 views

CVE-2014-4613

Cross-site request forgery CSRF vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php...

6.5CVSS6.7AI score0.03225EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2018/01/31 12:0 a.m.•44 views

CVE-2017-16913

The "stubrecvcmdsubmit" function drivers/usb/usbip/stubrx.c in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMDSUBMIT packets allows attackers to cause a denial of service arbitrary memory allocation via a specially crafted USB over IP packet...

7.1CVSS6.8AI score0.03896EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2018/01/30 8:29 p.m.•44 views

CVE-2011-2902

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name...

6.4CVSS6.2AI score0.01395EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2018/01/24 12:0 a.m.•44 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

9.8CVSS6.8AI score0.08031EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2018/01/17 12:0 a.m.•44 views

CVE-2018-2677

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS6.8AI score0.04675EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2017/11/22 10:29 p.m.•44 views

CVE-2017-16879

Stack-based buffer overflow in the ncwriteentry function in tinfo/writeentry.c in ncurses 6.0 allows attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic...

7.8CVSS7.2AI score0.02383EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/10/14 11:29 p.m.•44 views

CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

9.8CVSS7.6AI score0.91896EPSS
Exploits11References4
UbuntuCve
UbuntuCve
•added 2017/09/18 12:29 a.m.•44 views

CVE-2017-14528

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service use-after-free after an invalid call to TIFFSetField,...

6.5CVSS6.8AI score0.02616EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2017/09/01 12:0 a.m.•44 views

CVE-2017-14106

The tcpdisconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service tcpselectwindow divide-by-zero error and system crash by triggering a disconnect within a certain tcprecvmsg code path...

5.5CVSS6.8AI score0.00445EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2017/07/26 9:29 p.m.•44 views

CVE-2017-7659

A maliciously constructed HTTP/2 request could cause modhttp2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...

7.5CVSS6.8AI score0.53939EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/07/20 12:0 a.m.•44 views

CVE-2017-10115

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with networ...

7.5CVSS6.8AI score0.02737EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/06/29 11:29 p.m.•44 views

CVE-2017-10685

In ncurses 6.0, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

9.8CVSS7.1AI score0.04257EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2017/06/21 12:0 a.m.•44 views

CVE-2017-9233

XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD...

7.5CVSS7.1AI score0.09051EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2017/05/23 4:29 a.m.•44 views

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers...

8.8CVSS7AI score0.05204EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2017/05/22 12:0 a.m.•44 views

CVE-2017-9147

LibTIFF 4.0.7 has an invalid read in the TIFFVGetField function in tifdir.c, which might allow remote attackers to cause a denial of service crash via a crafted TIFF file...

6.5CVSS6.8AI score0.07EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2017/05/19 8:29 p.m.•44 views

CVE-2017-7475

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash...

5.5CVSS6.4AI score0.01824EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2017/05/02 12:0 a.m.•44 views

CVE-2014-9940

The regulatorenagpiofree function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service use-after-free via a crafted application...

7.6CVSS6.8AI score0.01613EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2017/04/19 3:59 p.m.•44 views

CVE-2017-7963

The GNU Multiple Precision Arithmetic Library GMP interfaces for PHP through 7.1.4 allow attackers to cause a denial of service memory consumption and application crash via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely...

7.5CVSS7.1AI score0.0174EPSS
Exploits0References1
Total number of security vulnerabilities5000