Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•43 views

CVE-2022-2861

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page...

6.5CVSS6.8AI score0.00585EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/26 4:15 p.m.•43 views

CVE-2022-3056

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page...

6.5CVSS6.9AI score0.00876EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/09/23 12:0 a.m.•43 views

CVE-2021-41803

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

7.1CVSS7AI score0.00846EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/09/16 10:15 p.m.•43 views

CVE-2022-40755

JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jasimage.c...

5.5CVSS6.8AI score0.0035EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/09/15 3:15 p.m.•43 views

CVE-2022-38866

Certain The MPlayer Project products are vulnerable to Buffer Overflow via readaviheader of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1...

5.5CVSS6.1AI score0.00283EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/09/07 10:15 p.m.•43 views

CVE-2022-38249

Nagios XI v5.8.6 was discovered to contain a cross-site scripting XSS vulnerability via the MTR component in version 1.0.4...

6.1CVSS6.3AI score0.01781EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/09/05 7:15 a.m.•43 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

4.8CVSS5.9AI score0.00469EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/08/29 3:15 p.m.•43 views

CVE-2022-1043

A flaw was found in the Linux kernel’s iouring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges...

8.8CVSS7.1AI score0.03718EPSS
Exploits4References3
UbuntuCve
UbuntuCve
•added 2022/08/10 8:15 p.m.•43 views

CVE-2022-29804

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack...

7.5CVSS6.9AI score0.01762EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/08/05 9:15 p.m.•43 views

CVE-2022-31614

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure...

7.8CVSS6.9AI score0.00262EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/08/02 4:0 p.m.•43 views

CVE-2022-31608

NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data...

7.8CVSS7.1AI score0.00226EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/07/29 7:15 p.m.•43 views

CVE-2022-2414

Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...

7.5CVSS7.2AI score0.85323EPSS
Exploits3References3
UbuntuCve
UbuntuCve
•added 2022/07/28 2:15 a.m.•43 views

CVE-2022-2478

Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.00761EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2022/07/27 3:15 p.m.•43 views

CVE-2022-2549

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV...

5.7CVSS6.8AI score0.00488EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/07/26 10:15 p.m.•43 views

CVE-2022-1483

Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.4AI score0.0105EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/26 10:15 p.m.•43 views

CVE-2022-1492

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page...

6.1CVSS6.8AI score0.00685EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/07/19 9:15 p.m.•43 views

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

6.5CVSS6.7AI score0.01391EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/07/18 9:15 p.m.•43 views

CVE-2022-34035

HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via enode htmldoc/htmldoc/html.cxx:588...

7.5CVSS7.1AI score0.01509EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/07/12 4:0 p.m.•43 views

CVE-2022-28693

Unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

4.7CVSS6.4AI score0.00171EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2022/07/05 12:0 a.m.•43 views

CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

6.1CVSS6.8AI score0.00364EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/07/05 12:0 a.m.•43 views

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.7AI score0.04425EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/07/02 8:15 p.m.•43 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

6.1CVSS6.5AI score0.00992EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/06/30 4:15 p.m.•43 views

CVE-2022-2057

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010...

6.5CVSS6.8AI score0.01224EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/06/18 7:15 a.m.•43 views

CVE-2014-125010

A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decodesliceheader of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue...

5.5CVSS5.6AI score0.00589EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/06/08 6:15 p.m.•43 views

CVE-2021-40592

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a version v1.0.1 onwards contains loop with unreachable exit condition 'infinite loop' vulnerability in ISOBMFF reader filter, isoffinread.c. Function isoffinprocess can result in DoS by infinite loop. To exploit, the victim must...

5.5CVSS6.8AI score0.00816EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/06/01 12:0 a.m.•43 views

CVE-2022-31748

Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited ...

9.8CVSS7.3AI score0.00656EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/05/30 12:0 a.m.•43 views

CVE-2022-26716

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.4AI score0.00869EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/05/18 12:0 a.m.•43 views

CVE-2022-1671

A NULL pointer dereference flaw was found in rxrpcpreparses in net/rxrpc/serverkey.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information...

7.1CVSS6.7AI score0.00304EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/05/12 8:15 p.m.•43 views

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...

6.5CVSS6.9AI score0.03126EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/05/09 6:15 p.m.•43 views

CVE-2022-30524

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by for example sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denia...

7.8CVSS6.8AI score0.01599EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/28 2:15 p.m.•43 views

CVE-2021-41945

Encode OSS httpx 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...

9.1CVSS7.2AI score0.02144EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2022/04/15 6:15 p.m.•43 views

CVE-2021-44482

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to doverify in srunix/doverify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer...

7.5CVSS7.1AI score0.01021EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2022/04/12 5:15 p.m.•43 views

CVE-2021-39801

In ionioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

7.8CVSS7.3AI score0.00114EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/04/04 8:15 p.m.•43 views

CVE-2022-1190

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc...

8.7CVSS7AI score0.87369EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/03/29 5:15 p.m.•43 views

CVE-2022-1050

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition...

8.8CVSS6.9AI score0.00374EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/03/29 3:15 p.m.•43 views

CVE-2022-1055

A use-after-free exists in the Linux Kernel in tcnewtfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5...

8.6CVSS6.7AI score0.005EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2022/03/17 12:15 p.m.•43 views

CVE-2022-21221

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...

7.5CVSS6.8AI score0.02457EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/03/14 11:15 p.m.•43 views

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.1CVSS7.3AI score0.01549EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2022/02/17 12:15 p.m.•43 views

CVE-2022-0629

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

8.4CVSS7.1AI score0.01806EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/02/15 7:15 p.m.•43 views

CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a...

8.1CVSS7AI score0.01239EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2022/02/14 2:15 p.m.•43 views

CVE-2022-24686

HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6...

5.9CVSS6.2AI score0.00863EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/02/11 11:15 p.m.•43 views

CVE-2021-4102

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.4AI score0.07836EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/02/11 5:15 p.m.•43 views

CVE-2021-45387

tcpreplay 4.3.4 has a Reachable Assertion in addtreeipv4 at tree.c...

5.5CVSS6.4AI score0.00712EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/02/10 12:0 a.m.•43 views

CVE-2022-0555

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions...

8.4CVSS5.8AI score0.00283EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•43 views

CVE-2021-33061

Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access...

5.5CVSS6.7AI score0.00283EPSS
Exploits0References16
UbuntuCve
UbuntuCve
•added 2022/02/09 11:15 p.m.•43 views

CVE-2021-33113

Improper input validation for some IntelR PROSet/Wireless WiFi in multiple operating systems and KillerTM WiFi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access...

8.1CVSS7.1AI score0.00687EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2022/01/28 4:15 p.m.•43 views

CVE-2022-23097

An issue was discovered in the DNS proxy in Connman through 1.40. forwarddnsreply mishandles a strnlen call, leading to an out-of-bounds read...

9.1CVSS7.1AI score0.02372EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2022/01/25 12:0 a.m.•43 views

CVE-2022-22637

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior...

8.8CVSS6.8AI score0.00632EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2022/01/24 1:15 a.m.•43 views

CVE-2021-39293

In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196...

7.5CVSS6.8AI score0.06934EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2022/01/15 9:15 p.m.•43 views

CVE-2021-33827

The filesantivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings...

9CVSS7AI score0.02089EPSS
Exploits0References3
Total number of security vulnerabilities5000