Lucene search
+L
UbuntucveMost viewed

71772 matches found

UbuntuCve
UbuntuCve
added 2020/03/24 9:15 p.m.43 views

CVE-2020-6079

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker...

7.5CVSS7.1AI score0.03011EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2020/03/12 7:15 p.m.43 views

CVE-2020-10531

An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...

8.8CVSS6.9AI score0.02669EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/03/11 12:0 a.m.43 views

CVE-2020-6805

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 68.6, Firefox 74, Firefox ESR68.6, and Firefox ESR 68.6...

8.8CVSS7.2AI score0.0125EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2020/02/27 9:15 p.m.43 views

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

9.1CVSS7.1AI score0.04075EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/01/28 12:0 a.m.43 views

CVE-2019-8844

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may le...

9.3CVSS7AI score0.02091EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/01/24 7:15 p.m.43 views

CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...

9.8CVSS7.2AI score0.06057EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/01/21 11:15 p.m.43 views

CVE-2020-7595

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation...

7.5CVSS6.8AI score0.07627EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/01/13 9:15 p.m.43 views

CVE-2019-20143

An issue was discovered in GitLab Community Edition CE and Enterprise Edition EE 12.6. It has Incorrect Access Control...

5.3CVSS6.1AI score0.0088EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/12/27 8:15 a.m.43 views

CVE-2019-20042

In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wptargetedlinkrel can be used in a particular way to result in a stored cross-site scripting XSS vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a mino...

6.1CVSS6.6AI score0.02762EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2019/12/17 6:15 a.m.43 views

CVE-2019-19814

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause removedirtysegment slab-out-of-bounds write access because an array is bounded by the number of dirty types 8 but the array index can exceed this...

9.3CVSS7.1AI score0.03297EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/12/04 12:0 a.m.43 views

CVE-2019-17010

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

7.5CVSS7.1AI score0.01566EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2019/12/03 4:15 p.m.43 views

CVE-2019-19523

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79...

4.9CVSS6.7AI score0.00409EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/11/29 12:0 a.m.43 views

CVE-2019-17007

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service...

7.5CVSS6.8AI score0.01399EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/11/25 10:15 p.m.43 views

CVE-2011-3351

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system...

7.1CVSS7.1AI score0.00398EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/11/21 11:15 p.m.43 views

CVE-2014-2902

wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates...

7.5CVSS7.1AI score0.00812EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/11/19 6:15 p.m.43 views

CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...

7.3CVSS7.2AI score0.03212EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/11/19 5:15 p.m.43 views

CVE-2012-6135

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process...

7.5CVSS7.1AI score0.02308EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/11/12 9:15 p.m.43 views

CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

6.5CVSS6.9AI score0.01141EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2019/11/08 12:0 a.m.43 views

CVE-2019-8812

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7AI score0.0189EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/10/31 2:15 p.m.43 views

CVE-2019-18423

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEMaddtophysmap hypercall. p2m-maxmappedgfn is used by the functions p2mresolvetranslationfault and p2mgetentry to sanity check guest physical frame. The rest of the code in the two...

8.8CVSS6.5AI score0.02059EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/10/23 12:0 a.m.43 views

CVE-2019-11759

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

8.8CVSS7.5AI score0.01799EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/10/09 2:15 p.m.43 views

CVE-2019-17382

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously. All created elements...

9.1CVSS7.2AI score0.5415EPSS
Exploits5References2
UbuntuCve
UbuntuCve
added 2019/10/01 5:15 p.m.43 views

CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8CVSS7AI score0.05728EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/09/27 4:15 p.m.43 views

CVE-2019-9853

LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in...

7.8CVSS7.1AI score0.03188EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2019/09/19 9:15 p.m.43 views

CVE-2019-9719

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a...

8.8CVSS7.5AI score0.02025EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2019/09/09 5:15 p.m.43 views

CVE-2019-16168

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlitestat1 sz field, aka a "severe division by zero in the query planner."...

6.5CVSS6.8AI score0.04219EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/09/04 12:0 a.m.43 views

CVE-2019-11750

A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox 69 and Firefox ESR 68.1...

6.5CVSS6.9AI score0.01262EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/08/21 12:0 a.m.43 views

CVE-2019-15292

An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalkprocexit, related to net/appletalk/atalkproc.c, net/appletalk/ddp.c, and net/appletalk/sysctlnetatalk.c...

10CVSS6.7AI score0.02588EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2019/08/19 12:0 a.m.43 views

CVE-2019-15215

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2usb.c driver...

4.9CVSS6.7AI score0.00762EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2019/08/13 12:0 a.m.43 views

CVE-2019-9512

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.8CVSS7.2AI score0.83433EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2019/07/30 5:15 p.m.43 views

CVE-2018-16871

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to...

7.5CVSS7AI score0.02779EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/07/18 6:15 p.m.43 views

CVE-2019-1010251

Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c an...

7.5CVSS7.1AI score0.02125EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2019/07/04 12:0 a.m.43 views

CVE-2019-13233

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modifyldt and a BR exception for an MPX bounds violation...

7CVSS7.1AI score0.00469EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2019/06/03 7:29 p.m.43 views

CVE-2019-10144

rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter are given all capabilities during stage 2 the actual environment in which the applications run. Compromised containers could exploit this flaw to access host resources...

7.7CVSS7.1AI score0.00471EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2019/06/03 12:0 a.m.43 views

CVE-2019-11039

Function iconvmimedecodeheaders in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash...

9.1CVSS6.4AI score0.0313EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2019/05/28 3:29 a.m.43 views

CVE-2019-12380

DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. physefisetvirtualaddressmap in arch/x86/platform/efi/efi.c and eficallphysprolog in arch/x86/platform/efi/efi64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because...

5.5CVSS6.8AI score0.00487EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/05/22 5:29 p.m.43 views

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

5.9CVSS7AI score0.02002EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2019/05/15 12:0 a.m.43 views

CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem...

5.5CVSS6.8AI score0.00645EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2019/04/23 12:0 a.m.43 views

CVE-2019-2697

Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...

8.1CVSS6.8AI score0.11466EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/04/22 4:29 p.m.44 views

CVE-2015-1316

Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key...

7.5CVSS6.9AI score0.01162EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/04/22 4:29 p.m.43 views

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

5.6CVSS7AI score0.00339EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/03/21 12:0 a.m.43 views

CVE-2019-7222

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak...

5.5CVSS6.7AI score0.00678EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2019/03/06 8:29 a.m.43 views

CVE-2019-9587

There is a stack consumption issue in md5Round1 located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to for example the pdfimages binary. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact. This is related...

7.8CVSS7.1AI score0.01195EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2019/02/06 9:29 p.m.43 views

CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...

7.8CVSS7.2AI score0.01777EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/01/14 12:0 a.m.43 views

CVE-2019-6109

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

6.8CVSS7AI score0.03807EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/12/31 12:0 a.m.43 views

CVE-2018-18508

In Network Security Services NSS before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service...

6.5CVSS6.8AI score0.0198EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/12/19 12:0 a.m.43 views

CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memor...

7.5CVSS6.8AI score0.02495EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/10/22 12:0 a.m.43 views

CVE-2018-18557

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 with JBIG enabled decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tifjbig.c...

8.8CVSS6.9AI score0.1496EPSS
Exploits3References3
UbuntuCve
UbuntuCve
added 2018/09/30 8:29 p.m.43 views

CVE-2018-17794

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in workstuffcopytofrom when called from iteratedemanglefunction...

6.5CVSS6.9AI score0.01803EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/09/01 10:29 p.m.43 views

CVE-2018-16328

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c...

9.8CVSS6.8AI score0.02032EPSS
Exploits0References2
Total number of security vulnerabilities5000