Lucene search
+L
UbuntucveMost viewed

68528 matches found

ubuntucve
ubuntucve
•added 2014/02/05 12:0 a.m.•44 views

CVE-2012-6152

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service application crash via crafted byte sequences...

5CVSS5.9AI score0.0379EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2014/01/26 4:58 p.m.•44 views

CVE-2013-6429

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS7.3AI score0.90455EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2014/01/19 5:16 p.m.•44 views

CVE-2013-0244

Cross-site scripting XSS vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are use...

2.6CVSS6AI score0.02144EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2013/12/07 12:55 a.m.•44 views

CVE-2013-6415

Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

4.3CVSS6AI score0.03171EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2013/11/18 2:55 a.m.•44 views

CVE-2013-4204

Multiple cross-site scripting XSS vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit GWT before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.01057EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2013/10/01 3:48 a.m.•44 views

CVE-2013-5572

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldapbindpassword value in the HTML source code...

3.5CVSS5.9AI score0.04111EPSS
Exploits4References2
ubuntucve
ubuntucve
•added 2013/07/04 9:55 p.m.•44 views

CVE-2013-2224

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux RHEL 6 allows local users to cause a denial of service invalid free operation and system crash or possibly gain privileges via a sendmsg system call with the IPRETOPTS option, as demonstrated by hemlock.c. NOTE: this...

6.9CVSS5.9AI score0.00354EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2013/06/25 12:0 a.m.•44 views

CVE-2013-1697

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...

9.3CVSS7.4AI score0.03166EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2013/06/18 12:0 a.m.•44 views

CVE-2013-2463

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS7.1AI score0.10179EPSS
Exploits0References6
ubuntucve
ubuntucve
•added 2013/04/17 6:55 p.m.•44 views

CVE-2013-1561

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX...

5CVSS5.9AI score0.02889EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2013/04/17 12:0 a.m.•44 views

CVE-2013-2420

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

10CVSS6.8AI score0.06917EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2013/04/17 12:0 a.m.•44 views

CVE-2013-2429

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

7.6CVSS6.8AI score0.05724EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2013/03/26 12:0 a.m.•44 views

CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...

5CVSS7.2AI score0.04286EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2013/02/20 12:0 a.m.•44 views

CVE-2013-1485

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries...

5CVSS7.2AI score0.0395EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2013/02/01 12:0 a.m.•44 views

CVE-2013-0443

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2013/01/31 9:55 p.m.•44 views

CVE-2012-5959

Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN aka uuid field within a...

10CVSS6.4AI score0.75796EPSS
Exploits2References1
ubuntucve
ubuntucve
•added 2013/01/29 3:0 p.m.•44 views

CVE-2013-0208

The boot-from-volume feature in OpenStack Compute Nova Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the blockdevicemapping parameter...

6.5CVSS5.9AI score0.02505EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2012/11/04 12:0 a.m.•44 views

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8CVSS6.9AI score0.09254EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2012/06/22 2:55 p.m.•44 views

CVE-2012-2661

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5CVSS7.2AI score0.04174EPSS
Exploits2References1
ubuntucve
ubuntucve
•added 2012/06/22 2:55 p.m.•44 views

CVE-2012-2660

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS7AI score0.046EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2012/06/16 9:55 p.m.•44 views

CVE-2011-1473

OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service CPU consumption by performing many renegotiations within a single connection, a...

5CVSS6.9AI score0.66422EPSS
Exploits1References6
ubuntucve
ubuntucve
•added 2012/06/05 10:55 p.m.•44 views

CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

7.1CVSS7.5AI score0.06489EPSS
Exploits0References1
ubuntucve
ubuntucve
•added 2012/02/09 12:0 a.m.•44 views

CVE-2011-4086

The journalunmapbuffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the Delay and Unwritten buffer head states, which allows local users to cause a denial of service system crash by leveraging the presence of an ext4 filesystem that was mounted with ...

4.9CVSS5.9AI score0.00391EPSS
Exploits0References12
ubuntucve
ubuntucve
•added 2012/01/27 7:55 p.m.•44 views

CVE-2012-0814

The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...

6.5CVSS6.6AI score0.03672EPSS
Exploits0References1
ubuntucve
ubuntucve
•added 2012/01/18 10:55 p.m.•44 views

CVE-2012-0495

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493...

4CVSS5.9AI score0.02394EPSS
Exploits0References3
ubuntucve
ubuntucve
•added 2011/12/29 12:0 a.m.•44 views

CVE-2011-4885

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

5CVSS7.2AI score0.83911EPSS
Exploits15References5
ubuntucve
ubuntucve
•added 2011/10/18 1:55 a.m.•44 views

CVE-2011-4061

Multiple untrusted search path vulnerabilities in 1 db2rspgn and 2 kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DTRPATH ELF...

6.9CVSS5.9AI score0.00412EPSS
Exploits2References2
ubuntucve
ubuntucve
•added 2011/09/21 4:55 p.m.•44 views

CVE-2011-3356

Multiple cross-site scripting XSS vulnerabilities in configdefaultsinc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO, as demonstrated by the PATHINFO to 1 manageconfigemailpage.php, 2 manageconfigworkflowpage.php, or 3 bugs/plugin.php...

4.3CVSS5.9AI score0.01823EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2011/08/25 2:22 p.m.•44 views

CVE-2011-3189

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...

4.3CVSS6AI score0.04205EPSS
Exploits2References1
ubuntucve
ubuntucve
•added 2011/08/25 12:0 a.m.•44 views

CVE-2011-3182

PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash or trigger a buffer overflow by leveraging the ability to provide a...

5CVSS6.2AI score0.19152EPSS
Exploits1References2
ubuntucve
ubuntucve
•added 2011/08/09 7:55 p.m.•44 views

CVE-2008-7293

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS7.3AI score0.01675EPSS
Exploits0References4
ubuntucve
ubuntucve
•added 2011/06/14 12:0 a.m.•44 views

CVE-2011-0862

Multiple unspecified vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS7.2AI score0.06277EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2011/05/23 10:55 p.m.•44 views

CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

5.8CVSS5.9AI score0.33341EPSS
Exploits0References1
ubuntucve
ubuntucve
•added 2011/05/03 12:0 a.m.•44 views

CVE-2011-1495

drivers/scsi/mpt2sas/mpt2sasctl.c in the Linux kernel 2.6.38 and earlier does not validate 1 length and 2 offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service memory corruption, or obtain sensitive information from...

7.2CVSS6.3AI score0.00367EPSS
Exploits1References13
ubuntucve
ubuntucve
•added 2011/04/09 12:0 a.m.•44 views

CVE-2011-1163

The osfpartition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing...

2.1CVSS7AI score0.00414EPSS
Exploits2References11
ubuntucve
ubuntucve
•added 2011/03/18 4:55 p.m.•44 views

CVE-2009-5057

The S/MIME feature in Open Ticket Request System OTRS before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations,...

5CVSS5.9AI score0.01645EPSS
Exploits0References1
ubuntucve
ubuntucve
•added 2011/03/18 4:55 p.m.•44 views

CVE-2010-4761

The customer-interface ticket-print dialog in Open Ticket Request System OTRS before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the 1 responsible, 2 owner, 3 accounted time, 4 pending until...

4CVSS5.9AI score0.01289EPSS
Exploits0References1
ubuntucve
ubuntucve
•added 2011/03/02 12:0 a.m.•44 views

CVE-2011-0051

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

6.8CVSS7.2AI score0.01823EPSS
Exploits1References3
ubuntucve
ubuntucve
•added 2011/02/17 12:0 a.m.•44 views

CVE-2010-4448

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors...

2.6CVSS7.2AI score0.02407EPSS
Exploits0References5
ubuntucve
ubuntucve
•added 2011/02/02 12:0 a.m.•44 views

CVE-2011-0521

The dvbcaioctl function in drivers/media/dvb/ttpci/av7110ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service memory corruption or possibly have unspecified other impact via a negative value...

7.2CVSS6.3AI score0.00404EPSS
Exploits1References10
ubuntucve
ubuntucve
•added 2011/01/03 12:0 a.m.•44 views

CVE-2010-4668

The blkrqmapuseriov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service panic via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix f...

4.7CVSS5.9AI score0.00405EPSS
Exploits1References9
ubuntucve
ubuntucve
•added 2010/11/29 12:0 a.m.•44 views

CVE-2010-4073

The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the 1 compatsyssemctl, 2 compatsysmsgctl, and 3 compatsysshmctl functions in...

1.9CVSS6.3AI score0.01542EPSS
Exploits8References10
ubuntucve
ubuntucve
•added 2010/11/05 5:0 p.m.•44 views

CVE-2010-4183

Multiple cross-site scripting XSS vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 background-image, 2 background, or 3 font-family Cascading Style Sheets CSS property, a different...

4.3CVSS5.9AI score0.00902EPSS
Exploits0References1
ubuntucve
ubuntucve
•added 2010/10/20 12:0 a.m.•44 views

CVE-2010-3170

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL serve...

4.3CVSS7.2AI score0.01096EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2010/10/19 12:0 a.m.•44 views

CVE-2010-3569

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

10CVSS6.1AI score0.07099EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2010/09/21 12:0 a.m.•44 views

CVE-2010-3080

Double free vulnerability in the sndseqossopen function in sound/core/seq/oss/seqossinit.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device...

7.2CVSS5.9AI score0.00416EPSS
Exploits0References7
ubuntucve
ubuntucve
•added 2010/08/19 12:0 a.m.•44 views

CVE-2010-2239

Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors...

4.4CVSS7.3AI score0.00325EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2010/05/21 12:0 a.m.•44 views

CVE-2010-1848

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. dot dot in a table name...

6.5CVSS6AI score0.03119EPSS
Exploits1References4
ubuntucve
ubuntucve
•added 2010/04/05 12:0 a.m.•44 views

CVE-2010-0173

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

9.3CVSS7.3AI score0.04562EPSS
Exploits0References2
ubuntucve
ubuntucve
•added 2010/04/05 12:0 a.m.•44 views

CVE-2010-0179

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...

5.1CVSS7.2AI score0.03275EPSS
Exploits0References3
Total number of security vulnerabilities5000