Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2014/05/02 2:55 p.m.•44 views

CVE-2014-3125

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTLEL1 register, which allows local guest users to modify the hardware timers and cause a denial of service crash via unspecified vectors...

6.2CVSS5.9AI score0.00629EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2014/04/27 8:55 p.m.•44 views

CVE-2013-6887

OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors...

6.4CVSS7.2AI score0.02236EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/04/16 12:55 a.m.•44 views

CVE-2014-0432

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402...

9.3CVSS7.4AI score0.04392EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2014/04/15 12:0 a.m.•44 views

CVE-2014-2412

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451...

7.5CVSS7.1AI score0.04976EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2014/02/05 6:55 p.m.•44 views

CVE-2013-1880

Cross-site scripting XSS vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092...

4.3CVSS7AI score0.05895EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2014/02/05 12:0 a.m.•44 views

CVE-2012-6152

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service application crash via crafted byte sequences...

5CVSS5.9AI score0.0379EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/01/26 4:58 p.m.•44 views

CVE-2013-6429

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External...

6.8CVSS7.3AI score0.90455EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2014/01/19 5:16 p.m.•44 views

CVE-2013-0244

Cross-site scripting XSS vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are use...

2.6CVSS6AI score0.02144EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2013/11/18 2:55 a.m.•44 views

CVE-2013-4204

Multiple cross-site scripting XSS vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit GWT before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.01057EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/10/01 3:48 a.m.•44 views

CVE-2013-5572

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldapbindpassword value in the HTML source code...

3.5CVSS5.9AI score0.04111EPSS
Exploits4References2
UbuntuCve
UbuntuCve
•added 2013/07/04 9:55 p.m.•44 views

CVE-2013-2224

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux RHEL 6 allows local users to cause a denial of service invalid free operation and system crash or possibly gain privileges via a sendmsg system call with the IPRETOPTS option, as demonstrated by hemlock.c. NOTE: this...

6.9CVSS5.9AI score0.00354EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2013/06/18 12:0 a.m.•44 views

CVE-2013-2463

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

10CVSS7.1AI score0.10179EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2013/04/17 6:55 p.m.•44 views

CVE-2013-1561

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX...

5CVSS5.9AI score0.02889EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2013/03/26 12:0 a.m.•44 views

CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an 1 empty match attribute in a XSL key to the xsltAddKey function in keys.c or 2 uninitialized variable to the xsltDocumentFunction function in functions.c...

5CVSS7.2AI score0.04286EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2013/02/01 12:0 a.m.•44 views

CVE-2013-0443

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOT...

4CVSS6.8AI score0.04259EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2013/01/31 9:55 p.m.•44 views

CVE-2012-5959

Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN aka uuid field within a...

10CVSS6.4AI score0.75796EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2013/01/29 3:0 p.m.•44 views

CVE-2013-0208

The boot-from-volume feature in OpenStack Compute Nova Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the blockdevicemapping parameter...

6.5CVSS5.9AI score0.02505EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2012/11/04 12:0 a.m.•44 views

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8CVSS6.9AI score0.09254EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2012/06/22 2:55 p.m.•44 views

CVE-2012-2661

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5CVSS7.2AI score0.04174EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2012/06/21 12:0 a.m.•44 views

CVE-2012-2127

fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONENEWPID clone system calls, which allows remote attackers to cause a denial of service reference leak and memory consumption by making many connections to a daemon that uses PID namespac...

5CVSS6AI score0.04309EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2012/06/05 10:55 p.m.•44 views

CVE-2012-0920

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...

7.1CVSS7.5AI score0.06489EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2012/01/27 7:55 p.m.•44 views

CVE-2012-0814

The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...

6.5CVSS6.6AI score0.03672EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2012/01/18 10:55 p.m.•44 views

CVE-2012-0495

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493...

4CVSS5.9AI score0.02394EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2011/10/18 1:55 a.m.•44 views

CVE-2011-4061

Multiple untrusted search path vulnerabilities in 1 db2rspgn and 2 kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DTRPATH ELF...

6.9CVSS5.9AI score0.00412EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2011/09/21 4:55 p.m.•44 views

CVE-2011-3356

Multiple cross-site scripting XSS vulnerabilities in configdefaultsinc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO, as demonstrated by the PATHINFO to 1 manageconfigemailpage.php, 2 manageconfigworkflowpage.php, or 3 bugs/plugin.php...

4.3CVSS5.9AI score0.01823EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2011/08/25 2:22 p.m.•44 views

CVE-2011-3189

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483...

4.3CVSS6AI score0.04205EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2011/08/25 12:0 a.m.•44 views

CVE-2011-3182

PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash or trigger a buffer overflow by leveraging the ability to provide a...

5CVSS6.2AI score0.19152EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2011/08/09 7:55 p.m.•44 views

CVE-2008-7293

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS7.3AI score0.01675EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2011/04/09 12:0 a.m.•44 views

CVE-2011-1163

The osfpartition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing...

2.1CVSS7AI score0.00414EPSS
Exploits2References11
UbuntuCve
UbuntuCve
•added 2011/03/18 4:55 p.m.•44 views

CVE-2010-4761

The customer-interface ticket-print dialog in Open Ticket Request System OTRS before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the 1 responsible, 2 owner, 3 accounted time, 4 pending until...

4CVSS5.9AI score0.01289EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2011/03/18 4:55 p.m.•44 views

CVE-2009-5057

The S/MIME feature in Open Ticket Request System OTRS before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations,...

5CVSS5.9AI score0.01645EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2011/02/02 12:0 a.m.•44 views

CVE-2011-0521

The dvbcaioctl function in drivers/media/dvb/ttpci/av7110ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service memory corruption or possibly have unspecified other impact via a negative value...

7.2CVSS6.3AI score0.00404EPSS
Exploits1References10
UbuntuCve
UbuntuCve
•added 2010/11/05 5:0 p.m.•44 views

CVE-2010-4183

Multiple cross-site scripting XSS vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 background-image, 2 background, or 3 font-family Cascading Style Sheets CSS property, a different...

4.3CVSS5.9AI score0.00902EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2010/10/19 12:0 a.m.•44 views

CVE-2010-3569

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

10CVSS6.1AI score0.07099EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2010/09/21 12:0 a.m.•44 views

CVE-2010-3080

Double free vulnerability in the sndseqossopen function in sound/core/seq/oss/seqossinit.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device...

7.2CVSS5.9AI score0.00416EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2010/08/19 12:0 a.m.•44 views

CVE-2010-2239

Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors...

4.4CVSS7.3AI score0.00325EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2010/05/21 12:0 a.m.•44 views

CVE-2010-1848

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. dot dot in a table name...

6.5CVSS6AI score0.03119EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2010/04/05 12:0 a.m.•44 views

CVE-2010-0173

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

9.3CVSS7.3AI score0.04562EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2010/04/05 12:0 a.m.•44 views

CVE-2010-0179

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...

5.1CVSS7.2AI score0.03275EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2010/04/01 12:0 a.m.•44 views

CVE-2010-0091

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084...

4.3CVSS5.9AI score0.02783EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2010/03/05 7:30 p.m.•44 views

CVE-2010-0928

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation FWE algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to...

4CVSS7.2AI score0.00515EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2010/01/13 8:30 p.m.•44 views

CVE-2009-4609

The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable...

5CVSS6.7AI score0.0179EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2010/01/07 6:30 p.m.•44 views

CVE-2009-4590

Cross-site scripting XSS vulnerability in baselocalrules.php in Basic Analysis and Security Engine BASE before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01089EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2009/12/12 12:0 a.m.•44 views

CVE-2009-4308

The ext4decodeerror function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service NULL pointer dereference, and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal...

7.1CVSS5.9AI score0.03471EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2009/12/01 12:0 a.m.•44 views

CVE-2009-4128

GNU GRand Unified Bootloader GRUB 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1...

7.2CVSS5.9AI score0.00571EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2009/09/18 10:30 a.m.•44 views

CVE-2009-3242

Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service application crash via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure...

5CVSS7.1AI score0.07778EPSS
Exploits2References2
UbuntuCve
UbuntuCve
•added 2009/06/01 2:30 p.m.•44 views

CVE-2009-1844

Multiple cross-site scripting XSS vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow 1 remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the...

3.5CVSS5.9AI score0.00856EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2009/04/24 3:30 p.m.•44 views

CVE-2009-0164

The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks...

6.4CVSS7.2AI score0.02907EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2009/04/24 3:30 p.m.•44 views

CVE-2009-1192

The 1 agpgenericallocpage and 2 agpgenericallocpages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading...

4.9CVSS6.3AI score0.00392EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2009/03/23 2:19 p.m.•44 views

CVE-2009-0733

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS aka lcms or liblcms before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for th...

9.3CVSS6.2AI score0.05534EPSS
Exploits2References2
Total number of security vulnerabilities5000