68528 matches found

UbuntuCve
added 2025/11/26 12:15 p.m. | 2 views

CVE-2025-13674

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00096
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/26 7:16 a.m. | 4 views

CVE-2025-13735

Out-of-bounds Read vulnerability in ASR1903、ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files Code/nrfw/DLP/src/NrCgi.C. This issue affects LapwingLinux: before 2025/11/26...

CVSS 7.4 | AI score 6.7 | EPSS 0.00174
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/26 6:15 a.m. | 1 view

CVE-2025-59820

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kistgaimport.cpp aka KisTgaImport. Control flow proceeds even when a number of pixels becomes negative...

CVSS 6.7 | AI score 7.3 | EPSS 0.0018
Exploits: 0 | References: 4
UbuntuCve
added 2025/11/26 6:15 a.m. | 4 views

CVE-2025-55174

In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly...

CVSS 3.2 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 5
UbuntuCve
added 2025/11/26 12:15 a.m. | 3 views

CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS 8.7 | AI score 7 | EPSS 0.00313
Exploits: 0 | References: 4
UbuntuCve
added 2025/11/25 8:16 p.m. | 2 views

CVE-2025-9624

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...

CVSS 8.3 | AI score 5.9 | EPSS 0.0047
Exploits: 1 | References: 3
UbuntuCve
added 2025/11/25 8:15 p.m. | 3 views

CVE-2025-12816

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...

CVSS 8.6 | AI score 6.9 | EPSS 0.00689
Exploits: 1 | References: 7
UbuntuCve
added 2025/11/25 8:15 a.m. | 4 views

CVE-2025-13502

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server...

CVSS 7.5 | AI score 7.1 | EPSS 0.00505
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/25 6:15 a.m. | 2 views

CVE-2025-13644

MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server...

CVSS 7.5 | AI score 5.9 | EPSS 0.00252
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/25 6:15 a.m. | 3 views

CVE-2025-13643

A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/25 5:16 a.m. | 1 view

CVE-2025-13507

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...

CVSS 7.1 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/25 5:15 a.m. | 2 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

CVSS 5.4 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/25 12:15 a.m. | 6 views

CVE-2025-65018

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread when processing...

CVSS 7.1 | AI score 6.4 | EPSS 0.00224
Exploits: 4 | References: 7
UbuntuCve
added 2025/11/25 12:15 a.m. | 3 views

CVE-2025-64506

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's pngwriteimage8bit function when processing 8-bit images through t...

CVSS 6.1 | AI score 6.4 | EPSS 0.00118
Exploits: 2 | References: 6
UbuntuCve
added 2025/11/25 12:15 a.m. | 3 views

CVE-2025-64505

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette...

CVSS 6.1 | AI score 6.4 | EPSS 0.00184
Exploits: 2 | References: 7
UbuntuCve
added 2025/11/25 12:15 a.m. | 5 views

CVE-2025-64720

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

CVSS 7.1 | AI score 6.3 | EPSS 0.00281
Exploits: 4 | References: 6
UbuntuCve
added 2025/11/24 9:16 p.m. | 4 views

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00241
Exploits: 1 | References: 5
UbuntuCve
added 2025/11/24 7:15 p.m. | 1 view

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This c...

CVSS 6.9 | AI score 6.6 | EPSS 0.00342
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/24 6:15 p.m. | 2 views

CVE-2025-13609

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...

CVSS 8.2 | AI score 5.7 | EPSS 0.0038
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 4:15 p.m. | 2 views

CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

AI score 5.7 | EPSS 0.00161
Exploits: 0 | References: 10
UbuntuCve
added 2025/11/24 2:15 p.m. | 2 views

CVE-2025-65496

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVSS 4.3 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 2:15 p.m. | 2 views

CVE-2025-65501

Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...

CVSS 4.3 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 2:15 p.m. | 2 views

CVE-2025-65493

NULL pointer dereference in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIOgetdata to return NULL...

CVSS 7.5 | AI score 5.9 | EPSS 0.00331
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 2:15 p.m. | 2 views

CVE-2025-65499

Array index error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetexdataX509STORECTXidx to return -1...

CVSS 4.3 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 2:15 p.m. | 5 views

CVE-2025-65500

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVSS 4.3 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 2:15 p.m. | 3 views

CVE-2025-65497

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVSS 4.3 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 2:15 p.m. | 1 view

CVE-2025-65498

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

CVSS 4.3 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 2:15 p.m. | 1 view

CVE-2025-65495

Integer signedness error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2dX509 to return -1 and be misused as a malloc size parameter...

CVSS 7.5 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 2:15 p.m. | 4 views

CVE-2025-65494

NULL pointer dereference in getsanorcnfromcert in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes skGENERALNAMEvalue to return NULL...

CVSS 7.5 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/24 1:16 p.m. | 2 views

CVE-2025-40212

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsdsetfhdentry nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses the MOUNT protocol ...

AI score 5.7 | EPSS 0.00161
Exploits: 0 | References: 10
UbuntuCve
added 2025/11/22 12:15 a.m. | 1 view

CVE-2025-12889

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...

CVSS 5.4 | AI score 5.8 | EPSS 0.00127
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/21 11:15 p.m. | 2 views

CVE-2025-11931

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...

CVSS 8.2 | AI score 5.9 | EPSS 0.00297
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/21 11:15 p.m. | 3 views

CVE-2025-11934

Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously...

CVSS 2.7 | AI score 5.9 | EPSS 0.0015
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/21 11:15 p.m. | 3 views

CVE-2025-11933

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...

CVSS 6.5 | AI score 5.9 | EPSS 0.00394
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/21 11:15 p.m. | 1 view

CVE-2025-11932

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder...

CVSS 4.3 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/21 11:15 p.m. | 3 views

CVE-2025-11936

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

CVSS 6.3 | AI score 5.9 | EPSS 0.004
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/21 11:15 p.m. | 1 view

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

CVSS 7.5 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/21 10:16 p.m. | 3 views

CVE-2025-11935

With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing pskdheke without a keyshare...

CVSS 7.5 | AI score 5.9 | EPSS 0.00199
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/21 10:16 p.m. | 4 views

CVE-2025-65102

PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio...

CVSS 8.7 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/21 7:16 p.m. | 7 views

CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

CVSS 7.2 | AI score 7.2 | EPSS 0.00156
Exploits: 0 | References: 9
UbuntuCve
added 2025/11/21 7:15 p.m. | 1 view

CVE-2025-29934

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

CVSS 5.3 | AI score 5.8 | EPSS 0.00094
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/21 5:15 p.m. | 2 views

CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

CVSS 8.7 | AI score 6 | EPSS 0.00274
Exploits: 0 | References: 9
UbuntuCve
added 2025/11/21 11:15 a.m. | 3 views

CVE-2025-40210

In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug into it a little, but ...

AI score 5.8 | EPSS 0.0015
Exploits: 0 | References: 9
UbuntuCve
added 2025/11/21 11:15 a.m. | 4 views

CVE-2025-40211

In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpivideoswitchbrightness The switchbrightnesswork delayed work accesses device-brightness and device-backlight, freed by acpivideodevunregisterbacklight during device removal. If the work...

AI score 5.9 | EPSS 0.00171
Exploits: 0 | References: 30
UbuntuCve
added 2025/11/21 11:15 a.m. | 1 view

CVE-2025-40209

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgrouplist in btrfsaddqgrouprelation When btrfsaddqgrouprelation is called with invalid qgroup levels src = dst, the function returns -EINVAL directly without freeing the preallocated qgrouplist structur...

AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 10
UbuntuCve
added 2025/11/21 6:15 a.m. | 4 views

CVE-2025-9825

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 6.5 | AI score 5.9 | EPSS 0.00315
Exploits: 1 | References: 1
UbuntuCve
added 2025/11/21 12:0 a.m. | 2 views

CVE-2025-13402

RNP PKESK Session Keys Generated as All-Zero...

AI score 5.8
Exploits: 0 | References: 2
UbuntuCve
added 2025/11/21 12:0 a.m. | 1 view

CVE-2025-13499

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service...

CVSS 7.8 | AI score 5.9 | EPSS 0.00101
Exploits: 0 | References: 3
UbuntuCve
added 2025/11/20 4:16 p.m. | 2 views

CVE-2025-62875

An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1...

CVSS 6.9 | AI score 5.9 | EPSS 0.00155
Exploits: 1 | References: 3
UbuntuCve
added 2025/11/20 3:17 p.m. | 1 view

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

CVSS 6.1 | AI score 6 | EPSS 0.00198
Exploits: 0 | References: 5

Total number of security vulnerabilities: 68528