Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2025/08/12 4:15 p.m.1 views

CVE-2025-38500

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...

7.8CVSS6.6AI score0.0014EPSS
Exploits0References23
UbuntuCve
UbuntuCve
added 2025/08/12 3:15 p.m.1 views

CVE-2024-38805

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

6.3CVSS6.7AI score0.00193EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/12 10:15 a.m.4 views

CVE-2025-8885

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allows Excessive Allocation. This vulnerability is associated with program files...

6.3CVSS6.6AI score0.00505EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/08/12 3:15 a.m.7 views

CVE-2025-4390

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validaterestrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of resticted...

5.3CVSS5.9AI score0.00307EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/08/11 11:15 p.m.2 views

CVE-2025-55158

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value typvalT management. Specifically, the cleartv...

8.8CVSS6AI score0.0033EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/11 11:15 p.m.2 views

CVE-2025-55157

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tupleunref function may access alread...

8.8CVSS5.9AI score0.00321EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/11 11:15 p.m.2 views

CVE-2025-55159

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the getdisjointmut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has...

5.1CVSS5.8AI score0.00156EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/11 9:15 p.m.4 views

CVE-2025-40920

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. Data::UUID does not use a strong cryptographic source for generating UUIDs. Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable...

8.6CVSS5.8AI score0.00388EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/11 7:15 p.m.4 views

CVE-2025-51824

libcsp 2.0 is vulnerable to Buffer Overflow in the cspusartopen function at drivers/usart/zephyr.c...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/11 7:15 p.m.2 views

CVE-2025-51823

libcsp 2.0 is vulnerable to Buffer Overflow in the cspethinit function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member ctx-name without validating the input length...

6.5CVSS5.9AI score0.00247EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/11 4:15 p.m.4 views

CVE-2025-38499

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a...

5.5CVSS6.3AI score0.00137EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/11 2:15 p.m.1 views

CVE-2025-8851

A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is...

5.3CVSS6AI score0.00162EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/08/11 1:15 p.m.3 views

CVE-2025-8672

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...

7.8CVSS5.9AI score0.003EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/08/11 1:15 p.m.3 views

CVE-2025-8846

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parseline of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used...

7.8CVSS5.7AI score0.00247EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2025/08/11 1:15 p.m.3 views

CVE-2025-8845

A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemblefile of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be...

7.8CVSS6.3AI score0.00247EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2025/08/11 12:15 p.m.2 views

CVE-2025-8844

A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parsesmacrotemplate of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

5.5CVSS5.4AI score0.00248EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2025/08/11 11:15 a.m.2 views

CVE-2025-8843

A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function machonodeadstrip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used...

7.8CVSS5.9AI score0.00233EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2025/08/11 11:15 a.m.3 views

CVE-2025-8842

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function dodirective of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used...

7.8CVSS5.5AI score0.00203EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2025/08/11 8:15 a.m.1 views

CVE-2025-8837

A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpcdecdump of the file src/libjasper/jpc/jpcdec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...

7.8CVSS5.2AI score0.00204EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2025/08/11 8:15 a.m.1 views

CVE-2025-8747

A safe mode bypass vulnerability in the Model.loadmodel method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive...

8.6CVSS6AI score0.00112EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/11 8:15 a.m.1 views

CVE-2025-8836

A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpcfloorlog2 of the file src/libjasper/jpc/jpcenc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been...

4.8CVSS5.3AI score0.00184EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2025/08/11 7:15 a.m.2 views

CVE-2025-8835

A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jasimagechclrspc of the file src/libjasper/base/jasimage.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack...

5.5CVSS5.4AI score0.00193EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2025/08/09 3:15 p.m.2 views

CVE-2024-58238

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stress test on btnxpuart for couple of hours, such that the interval between two HCI commands coincide...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/09 3:15 p.m.3 views

CVE-2022-50233

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev-devname,shortname Both devname and shortname are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/09 6:15 a.m.2 views

CVE-2025-8746

A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function strstrsse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue w...

5.5CVSS5.2AI score0.00195EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2025/08/08 9:15 p.m.5 views

CVE-2025-55188

7-Zip before 25.01 does not always properly handle symbolic links during extraction...

3.6CVSS6.9AI score0.0069EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2025/08/08 7:15 p.m.3 views

CVE-2025-8735

A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to th...

4.8CVSS4.7AI score0.00133EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/08/08 7:15 p.m.1 views

CVE-2025-8736

A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclose...

5.3CVSS5.7AI score0.00147EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/08/08 5:15 p.m.5 views

CVE-2025-8732

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...

4.8CVSS5.6AI score0.00143EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/08/08 12:0 a.m.2 views

CVE-2025-8734

Last updated 28 August 2025...

4.2AI score0.00019EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/08 12:0 a.m.2 views

CVE-2025-8733

Last updated 28 August 2025...

4.2AI score0.00019EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/07 9:15 p.m.6 views

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

9.1CVSS5.9AI score0.00152EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/07 8:15 p.m.3 views

CVE-2025-47806

In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash...

5.6CVSS6.9AI score0.00259EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/08/07 8:15 p.m.1 views

CVE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

8.1CVSS6.8AI score0.00578EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/08/07 8:15 p.m.1 views

CVE-2025-47183

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure...

6.6CVSS6.8AI score0.00187EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/08/07 8:15 p.m.2 views

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

5.5CVSS6.8AI score0.00185EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/08/07 8:15 p.m.2 views

CVE-2025-47808

In GStreamer through 1.26.1, the subparse plugin's tmplayerparseline function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

5.6CVSS6.9AI score0.00428EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/08/07 4:15 p.m.2 views

CVE-2025-47907

Cancelling a query e.g. by cancelling the context passed to one of the query methods during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with...

7CVSS6.8AI score0.00331EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/08/07 3:15 p.m.4 views

CVE-2025-50952

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...

6.5CVSS6.9AI score0.00242EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/08/07 2:15 a.m.5 views

CVE-2025-8577

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.9AI score0.00225EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/07 2:15 a.m.3 views

CVE-2025-8579

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.9AI score0.00225EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/07 2:15 a.m.3 views

CVE-2025-8583

Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.9AI score0.00209EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/07 2:15 a.m.4 views

CVE-2025-8578

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.2AI score0.00313EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/07 2:15 a.m.5 views

CVE-2025-8580

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.9AI score0.00225EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/07 2:15 a.m.5 views

CVE-2025-8576

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS7.2AI score0.003EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/07 2:15 a.m.5 views

CVE-2025-8581

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/07 2:15 a.m.4 views

CVE-2025-8582

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.9AI score0.00223EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/08/07 1:15 a.m.3 views

CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

7CVSS7.3AI score0.0014EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/07 12:0 a.m.3 views

CVE-2025-54799

Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...

6CVSS5.9AI score0.00199EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/07 12:0 a.m.6 views

CVE-2025-54798

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...

5.3CVSS6.8AI score0.00309EPSS
Exploits1References4
Total number of security vulnerabilities68528