Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/11/01 8:15 p.m.•43 views

CVE-2022-42799

The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...

6.1CVSS6.9AI score0.01192EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2022/11/01 5:15 p.m.•43 views

CVE-2022-39369

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

8CVSS6.6AI score0.01064EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2022/11/01 1:15 p.m.•43 views

CVE-2022-42316

Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...

6.5CVSS6.7AI score0.00245EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/10/31 12:0 a.m.•43 views

CVE-2022-3707

A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intelgvtdmamapguestpage function. This issue could allow a local user to crash the system...

5.5CVSS6.7AI score0.00224EPSS
Exploits0References17
UbuntuCve
UbuntuCve
•added 2022/10/27 12:0 a.m.•43 views

CVE-2022-42929

If a website called window.print in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...

6.5CVSS6.8AI score0.0073EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/10/21 10:15 a.m.•43 views

CVE-2021-42553

A buffer overflow vulnerability in stm32mwusbhost of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBHMAXNUMENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs...

9.8CVSS7.6AI score0.00959EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/10/11 8:15 p.m.•43 views

CVE-2022-20423

In rndissetresponse of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

4.6CVSS6AI score0.00231EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/10/10 12:0 a.m.•43 views

CVE-2022-3424

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first grufileunlockedioctl function is called by the user, where a fail pass occurs in the grucheckchipletassignment function. This flaw allows a local user to crash or potentially escalate their privileges on the...

7.8CVSS6.7AI score0.00238EPSS
Exploits0References22
UbuntuCve
UbuntuCve
•added 2022/09/30 5:15 p.m.•43 views

CVE-2022-40314

A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified...

9.8CVSS7AI score0.0159EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/29 1:15 p.m.•43 views

CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS6.9AI score0.00942EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/09/28 10:15 p.m.•43 views

CVE-2022-39264

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

8.6CVSS6.8AI score0.00641EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•43 views

CVE-2022-3071

Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction...

8.8CVSS7.3AI score0.0044EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•43 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

6.5CVSS6.8AI score0.00585EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•43 views

CVE-2022-3056

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page...

6.5CVSS6.9AI score0.00876EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/23 12:0 a.m.•43 views

CVE-2021-41803

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

7.1CVSS7AI score0.00846EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/09/16 10:15 p.m.•43 views

CVE-2022-40755

JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jasimage.c...

5.5CVSS6.8AI score0.0035EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/09/15 3:15 p.m.•43 views

CVE-2022-38866

Certain The MPlayer Project products are vulnerable to Buffer Overflow via readaviheader of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1...

5.5CVSS6.1AI score0.00283EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/09/07 10:15 p.m.•43 views

CVE-2022-38249

Nagios XI v5.8.6 was discovered to contain a cross-site scripting XSS vulnerability via the MTR component in version 1.0.4...

6.1CVSS6.3AI score0.01781EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/09/05 10:15 a.m.•43 views

CVE-2022-38751

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...

6.5CVSS6.8AI score0.01507EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/09/05 7:15 a.m.•43 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

4.8CVSS5.9AI score0.00469EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/08/29 3:15 p.m.•43 views

CVE-2022-1043

A flaw was found in the Linux kernel’s iouring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges...

8.8CVSS7.1AI score0.03718EPSS
Exploits4References3
UbuntuCve
UbuntuCve
•added 2022/08/17 11:19 a.m.•43 views

CVE-2022-2868

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop...

5.5CVSS6.8AI score0.003EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/08/15 8:15 p.m.•43 views

CVE-2021-33236

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-34033. Reason: This candidate is a duplicate of CVE-2022-34033. Notes: All CVE users should reference CVE-2022-34033 instead of this candidate...

6.1AI score
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/08/12 8:15 p.m.•43 views

CVE-2022-2623

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions...

8.8CVSS7.3AI score0.00604EPSS
Exploits2References1
UbuntuCve
UbuntuCve
•added 2022/08/10 8:15 p.m.•43 views

CVE-2022-29804

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack...

7.5CVSS6.9AI score0.01762EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/08/05 9:15 p.m.•43 views

CVE-2022-31614

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure...

7.8CVSS6.9AI score0.00262EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/08/05 4:15 p.m.•43 views

CVE-2022-2326

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an...

8.1CVSS6.9AI score0.00705EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/08/02 4:0 p.m.•43 views

CVE-2022-31608

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data...

7.8CVSS7.1AI score0.00226EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/07/29 7:15 p.m.•43 views

CVE-2022-2414

Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...

7.5CVSS7.2AI score0.85323EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2022/07/28 2:15 a.m.•43 views

CVE-2022-2478

Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.00761EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/07/27 3:15 p.m.•43 views

CVE-2022-2549

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV...

5.7CVSS6.8AI score0.00488EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/07/26 10:15 p.m.•43 views

CVE-2022-1483

Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.4AI score0.0105EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/26 10:15 p.m.•43 views

CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...

6.1CVSS6.8AI score0.00685EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/23 12:15 a.m.•43 views

CVE-2022-1141

Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture...

8.8CVSS7AI score0.00701EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/22 2:1 p.m.•43 views

CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS7AI score0.0069EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/07/19 9:15 p.m.•43 views

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

6.5CVSS6.7AI score0.01391EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/07/18 9:15 p.m.•43 views

CVE-2022-34035

HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via enode htmldoc/htmldoc/html.cxx:588...

7.5CVSS7.1AI score0.01509EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/07/05 12:0 a.m.•43 views

CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

6.1CVSS6.8AI score0.00364EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/07/02 8:15 p.m.•43 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS6.5AI score0.00992EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/06/30 4:15 p.m.•43 views

CVE-2022-2057

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

6.5CVSS6.8AI score0.01206EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/06/18 7:15 a.m.•43 views

CVE-2014-125010

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decodesliceheader of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue...

5.5CVSS5.6AI score0.00589EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/06/08 6:15 p.m.•43 views

CVE-2021-40592

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a version v1.0.1 onwards contains loop with unreachable exit condition 'infinite loop' vulnerability in ISOBMFF reader filter, isoffinread.c. Function isoffinprocess can result in DoS by infinite loop. To exploit, the victim must...

5.5CVSS6.8AI score0.00816EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/05/30 12:0 a.m.•43 views

CVE-2022-26716

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.4AI score0.00869EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/05/27 3:15 p.m.•43 views

CVE-2022-1897

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2...

7.8CVSS7.1AI score0.01474EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/05/18 12:0 a.m.•43 views

CVE-2022-1671

A NULL pointer dereference flaw was found in rxrpcpreparses in net/rxrpc/serverkey.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information...

7.1CVSS6.7AI score0.00304EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/05/09 6:15 p.m.•43 views

CVE-2022-30524

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by for example sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denia...

7.8CVSS6.8AI score0.01599EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/29 4:15 p.m.•43 views

CVE-2022-1195

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service DOS when the mkiss or sixpack device is detached and reclaim resources early...

5.5CVSS6.7AI score0.00229EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2022/04/28 2:15 p.m.•43 views

CVE-2021-41945

Encode OSS httpx 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...

9.1CVSS7.2AI score0.02144EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2022/04/15 6:15 p.m.•43 views

CVE-2021-44482

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to doverify in srunix/doverify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer...

7.5CVSS7.1AI score0.01021EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/12 5:15 p.m.•43 views

CVE-2021-39801

In ionioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS7.3AI score0.00114EPSS
Exploits0References2
Total number of security vulnerabilities5000