Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2025/09/03 3:15 p.m.•0 views

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

9.8CVSS7.2AI score0.00693EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/09/03 1:15 p.m.•1 views

CVE-2025-9901

A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be...

5.9CVSS5.8AI score0.0043EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/09/03 1:15 p.m.•1 views

CVE-2025-38678

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving...

5.5CVSS5.9AI score0.00202EPSS
Exploits1References29
UbuntuCve
UbuntuCve
•added 2025/09/03 8:15 a.m.•1 views

CVE-2025-9817

SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service...

7.8CVSS5.9AI score0.00194EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/09/03 2:15 a.m.•3 views

CVE-2025-7039

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...

3.7CVSS7.1AI score0.0037EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/09/02 2:15 p.m.•2 views

CVE-2025-9784

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

7.5CVSS5.8AI score0.0217EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/09/02 12:15 p.m.•1 views

CVE-2024-52284

Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...

7.7CVSS5.9AI score0.00217EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/09/01 7:15 p.m.•3 views

CVE-2025-9809

Out-of-bounds write in cdfsopencuetrack in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATHMAXLENGTH that is copied using memcpy into a fixed-size buffer...

9.8CVSS6.2AI score0.00395EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/09/01 5:15 p.m.•4 views

CVE-2025-9375

XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator,...

6.9CVSS5.8AI score0.00417EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/31 2:15 p.m.•2 views

CVE-2025-9732

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is...

7.8CVSS5.8AI score0.00158EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/08/30 2:15 p.m.•2 views

CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

8.8CVSS6AI score0.01781EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2025/08/30 1:15 p.m.•2 views

CVE-2025-9688

A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function writeisviewer of the file src/device/cart/isviewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high...

5.1CVSS5.5AI score0.00258EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/08/30 10:15 a.m.•0 views

CVE-2025-38677

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x1c1/0x2a0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:378 inline...

7.1CVSS6.6AI score0.00151EPSS
Exploits0References35
UbuntuCve
UbuntuCve
•added 2025/08/29 10:15 p.m.•2 views

CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

2.3CVSS6AI score0.00303EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/29 10:15 p.m.•3 views

CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

9.1CVSS6AI score0.00363EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2025/08/29 9:15 p.m.•3 views

CVE-2025-58066

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/29 7:15 p.m.•1 views

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

6.9CVSS5.7AI score0.00461EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/08/29 5:15 p.m.•1 views

CVE-2025-55763

Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 latest allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of...

7.5CVSS6.6AI score0.01116EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2025/08/29 4:15 p.m.•2 views

CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

7.3CVSS5.9AI score0.00159EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/29 12:0 a.m.•2 views

CVE-2025-40927

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...

7.3CVSS5.8AI score0.00431EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2025/08/29 12:0 a.m.•2 views

CVE-2025-54080

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

5.5CVSS6.6AI score0.00132EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/29 12:0 a.m.•3 views

CVE-2025-55304

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time...

5.5CVSS6.6AI score0.00226EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/08/29 12:0 a.m.•4 views

CVE-2025-9649

A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calcsleeptime of the file sendpackets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version...

5.5CVSS5.4AI score0.00225EPSS
Exploits1References8
UbuntuCve
UbuntuCve
•added 2025/08/28 10:15 p.m.•1 views

CVE-2025-58058

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

5.3CVSS7AI score0.00385EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/28 4:15 p.m.•5 views

CVE-2025-29364

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READSYSCALL and WRITESYSCALL system calls. The application verifies the legitimacy of the starting and ending addresses for memory read/write operations. By configuring the starting and ending addresses for memory...

6.5CVSS5.9AI score0.00356EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/28 4:15 p.m.•0 views

CVE-2025-57767

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header wi...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/28 3:16 p.m.•2 views

CVE-2025-54995

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions...

6.5CVSS5.7AI score0.00449EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2025/08/28 12:0 a.m.•1 views

CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

7.8CVSS6.6AI score0.00144EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/08/28 12:0 a.m.•4 views

CVE-2025-8067

A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor...

8.5CVSS6.9AI score0.0065EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/27 9:15 p.m.•2 views

CVE-2025-40779

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem...

7.5CVSS5.9AI score0.00495EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/27 7:15 p.m.•2 views

CVE-2025-58050

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

9.1CVSS5.8AI score0.00693EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/08/27 5:15 p.m.•3 views

CVE-2025-5187

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently delete...

6.7CVSS6.8AI score0.00434EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/08/27 3:15 p.m.•1 views

CVE-2025-53105

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...

7.5CVSS6AI score0.00332EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/26 7:15 p.m.•0 views

CVE-2025-9478

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS7.3AI score0.03583EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/26 6:15 p.m.•1 views

CVE-2025-57803

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytesperline stride to a tiny value while the...

8.8CVSS6.9AI score0.00794EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2025/08/26 6:15 p.m.•2 views

CVE-2025-55298

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...

8.8CVSS7.1AI score0.04065EPSS
Exploits1References8
UbuntuCve
UbuntuCve
•added 2025/08/26 5:15 p.m.•1 views

CVE-2025-55212

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon ":" to montage -geometry leads GetGeometry to set width/height to 0. Later, ThumbnailImage divides by these zer...

7.5CVSS7AI score0.00851EPSS
Exploits1References10
UbuntuCve
UbuntuCve
•added 2025/08/26 1:15 p.m.•5 views

CVE-2025-38676

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length...

7.8CVSS6.8AI score0.0037EPSS
Exploits1References28
UbuntuCve
UbuntuCve
•added 2025/08/25 9:15 p.m.•2 views

CVE-2025-57804

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

6.9CVSS7.1AI score0.01596EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/08/25 3:15 p.m.•1 views

CVE-2025-46407

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the...

8.8CVSS6.2AI score0.00614EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/25 3:15 p.m.•4 views

CVE-2025-35984

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8CVSS6.2AI score0.0094EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/25 3:15 p.m.•2 views

CVE-2025-32468

A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based...

8.8CVSS6.1AI score0.00636EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/25 3:15 p.m.•1 views

CVE-2025-53085

A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8CVSS6.1AI score0.00691EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/25 3:15 p.m.•4 views

CVE-2025-53510

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffe...

8.8CVSS6.1AI score0.00636EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/25 3:15 p.m.•1 views

CVE-2025-52930

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8CVSS6.1AI score0.00691EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/25 3:15 p.m.•0 views

CVE-2025-50129

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8CVSS6.2AI score0.00691EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/25 3:15 p.m.•1 views

CVE-2025-52456

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based...

8.8CVSS6.1AI score0.00636EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/25 2:15 p.m.•1 views

CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS5.9AI score0.00681EPSS
Exploits2References5
UbuntuCve
UbuntuCve
•added 2025/08/25 2:15 p.m.•2 views

CVE-2025-54482

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This...

9.8CVSS6.3AI score0.00636EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/25 2:15 p.m.•1 views

CVE-2025-54494

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This...

9.8CVSS6.3AI score0.00636EPSS
Exploits1References3
Total number of security vulnerabilities68528