Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2025/08/15 3:15 p.m.•3 views

CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

8.8CVSS5.8AI score0.00474EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/08/15 3:15 p.m.•4 views

CVE-2025-54989

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and Do...

7.5CVSS6.5AI score0.0051EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/15 12:0 a.m.•3 views

CVE-2025-9019

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function maskcidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitatio...

5.9CVSS5.4AI score0.00918EPSS
Exploits1References12
UbuntuCve
UbuntuCve
•added 2025/08/15 12:0 a.m.•3 views

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS6AI score0.00371EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/08/14 5:15 p.m.•2 views

CVE-2025-50817

A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker...

5.4CVSS6.7AI score0.00271EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/14 4:15 p.m.•4 views

CVE-2025-50518

A use-after-free vulnerability exists in the coapdeletepdulkd function within coappdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this...

9.8CVSS6AI score0.00415EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/14 2:0 p.m.•3 views

CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

6.2CVSS6.7AI score0.0021EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/14 2:0 p.m.•3 views

CVE-2025-54409

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a...

6.2CVSS5.8AI score0.00216EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/14 1:15 p.m.•2 views

CVE-2025-8713

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...

3.1CVSS6.8AI score0.00205EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/14 1:15 p.m.•5 views

CVE-2025-8961

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited...

4.8CVSS6AI score0.00186EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2025/08/14 1:15 p.m.•3 views

CVE-2025-8714

Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...

8.8CVSS7.4AI score0.00709EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/08/14 1:15 p.m.•5 views

CVE-2025-8715

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

8.8CVSS7.5AI score0.00385EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/13 11:15 p.m.•3 views

CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

6.9CVSS6.9AI score0.00527EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2025/08/13 11:15 p.m.•2 views

CVE-2025-55197

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...

8.7CVSS6.9AI score0.00408EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/08/13 9:15 p.m.•5 views

CVE-2012-10059

Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sqlcompat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...

9.4CVSS6.6AI score0.03182EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•3 views

CVE-2025-1477

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoin...

7.5CVSS5.8AI score0.00423EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•3 views

CVE-2025-7739

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...

8.7CVSS5.9AI score0.00293EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•2 views

CVE-2025-7734

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...

8.7CVSS6AI score0.00289EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•2 views

CVE-2025-8770

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•3 views

CVE-2025-5819

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

5CVSS5.8AI score0.00216EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•4 views

CVE-2025-2937

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature...

6.5CVSS5.8AI score0.00337EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•10 views

CVE-2025-6186

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...

8.7CVSS6AI score0.00289EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•1 views

CVE-2024-12303

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting...

6.7CVSS5.8AI score0.00374EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•3 views

CVE-2025-2498

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions...

4.3CVSS5.9AI score0.00228EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•3 views

CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 6:15 p.m.•4 views

CVE-2025-2614

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resourc...

6.5CVSS5.8AI score0.00337EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/08/13 3:15 p.m.•5 views

CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

7.8CVSS7AI score0.00254EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/08/13 3:15 p.m.•2 views

CVE-2025-55163

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent...

8.2CVSS6.8AI score0.00979EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/13 2:15 p.m.•2 views

CVE-2025-55668

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...

6.5CVSS6.8AI score0.00775EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/08/13 2:15 p.m.•2 views

CVE-2025-55160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior function-type-mismatch in splay tree cloning callback. This results in a deterministic abort under UBSan DoS in sanitizer builds, wit...

6.1CVSS6.4AI score0.0038EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/13 2:15 p.m.•4 views

CVE-2025-55154

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage in coders/png.c are unsafe and can overflow, leading to memory corruption. This issue has been patched in...

8.8CVSS7.2AI score0.00933EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/08/13 2:15 p.m.•1 views

CVE-2025-55005

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024...

5.5CVSS5.9AI score0.00243EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/13 2:15 p.m.•2 views

CVE-2025-55004

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This c...

7.6CVSS6AI score0.00503EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/13 1:15 p.m.•4 views

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and then rapidly triggering the serv...

7.5CVSS6AI score0.04604EPSS
Exploits3References12
UbuntuCve
UbuntuCve
•added 2025/08/13 1:15 p.m.•3 views

CVE-2025-48989

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected...

7.5CVSS6.9AI score0.03389EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/08/13 10:15 a.m.•1 views

CVE-2025-8916

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows Excessiv...

6.3CVSS6.8AI score0.0043EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 3:15 a.m.•3 views

CVE-2025-8901

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.00289EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 3:15 a.m.•2 views

CVE-2025-8879

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. Chromium security severity: High...

8.8CVSS7.4AI score0.00265EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 3:15 a.m.•4 views

CVE-2025-8880

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.5AI score0.00247EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 3:15 a.m.•2 views

CVE-2025-8881

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS6.6AI score0.0023EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/13 3:15 a.m.•3 views

CVE-2025-8882

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.2AI score0.00246EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•1 views

CVE-2025-22840

Sequence of processor instructions leads to unexpected behavior for some IntelR XeonR 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access...

7.4CVSS7AI score0.00125EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•3 views

CVE-2025-32086

Improperly implemented security check for standard in the DDRIO configuration for some IntelR XeonR 6 Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7AI score0.00132EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•1 views

CVE-2025-24305

Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7AI score0.00134EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•4 views

CVE-2025-20109

Improper Isolation or Compartmentalization in the stream cache mechanism for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7AI score0.0013EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•3 views

CVE-2025-20053

Improper buffer restrictions for some IntelR XeonR Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7.2AI score0.00143EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•2 views

CVE-2025-26403

Out-of-bounds write in the memory subsystem for some IntelR XeonR 6 processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7AI score0.00132EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•5 views

CVE-2025-22889

Improper handling of overlap between protected memory ranges for some IntelR XeonR 6 processor with IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

7.9CVSS7.1AI score0.00139EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•2 views

CVE-2025-22839

Insufficient granularity of access control in the OOB-MSM for some IntelR XeonR 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access...

7.5CVSS7.1AI score0.00169EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/12 5:15 p.m.•2 views

CVE-2025-21090

Missing reference to active allocated resource for some IntelR XeonR processors may allow an authenticated user to potentially enable denial of service via local access...

6.5CVSS6.6AI score0.00134EPSS
Exploits0References4
Total number of security vulnerabilities68528