Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2025/08/06 9:15 p.m.•3 views

CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS6.8AI score0.00533EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/06 8:15 p.m.•4 views

CVE-2025-45766

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is...

7CVSS5.8AI score0.00124EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/08/06 4:15 p.m.•6 views

CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU time of check/time of use race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

3.7CVSS5.9AI score0.0019EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/06 9:15 a.m.•3 views

CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...

3.7CVSS6.7AI score0.00452EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/08/06 12:15 a.m.•1 views

CVE-2025-54869

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service DoS vulnerability. An attacker...

6CVSS5.9AI score0.00279EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/06 12:15 a.m.•6 views

CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

6.9CVSS6.7AI score0.00263EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/08/05 8:15 p.m.•4 views

CVE-2012-10024

XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw ...

7.1CVSS5.9AI score0.0106EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/08/05 7:15 p.m.•3 views

CVE-2025-45512

A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot U-Boot v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution...

6.5CVSS6AI score0.00301EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/08/05 5:15 p.m.•5 views

CVE-2025-8585

A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been...

5.3CVSS5.6AI score0.00202EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2025/08/05 12:0 a.m.•5 views

CVE-2025-8584

A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function avbufferunref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this...

4.8CVSS4.9AI score0.00198EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2025/08/05 12:0 a.m.•4 views

CVE-2025-8586

A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ffseekframebinary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local...

4.8CVSS5.2AI score0.00212EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2025/08/05 12:0 a.m.•7 views

CVE-2025-54119

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database a...

10CVSS6AI score0.00463EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/05 12:0 a.m.•3 views

CVE-2025-54874

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opjjp2readheader may lead to OOB heap memory write when the data stream pstream is too short and pimage is not initialized...

9.8CVSS7.2AI score0.00599EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/05 12:0 a.m.•4 views

CVE-2025-8534

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...

2.5CVSS5.1AI score0.00182EPSS
Exploits1References10
UbuntuCve
UbuntuCve
•added 2025/08/04 8:15 p.m.•4 views

CVE-2025-50340

An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...

4.3CVSS5.9AI score0.00317EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/08/04 8:15 p.m.•4 views

CVE-2025-55014

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP...

4.7CVSS5.9AI score0.00377EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/04 6:15 p.m.•5 views

CVE-2025-46206

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the mutool clean utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the stripoutline function enters infinite recursion...

6.5CVSS6.6AI score0.004EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/08/04 5:15 p.m.•4 views

CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service DoS...

6.5CVSS6.6AI score0.00313EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/04 5:15 p.m.•3 views

CVE-2025-50422

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled-face == NULL" assertion failure for cairoftunscaledfontfini in cairo-ft-font.c...

2.9CVSS6.1AI score0.00213EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/08/03 6:15 p.m.•3 views

CVE-2025-54956

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...

3.2CVSS5.9AI score0.0014EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/03 2:15 a.m.•6 views

CVE-2025-54349

In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow...

10CVSS6.4AI score0.00381EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/03 2:15 a.m.•4 views

CVE-2025-54350

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

5.3CVSS6.1AI score0.00398EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/03 2:15 a.m.•6 views

CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used for MSGTRUNC in recv...

10CVSS6.1AI score0.004EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/08/03 12:15 a.m.•6 views

CVE-2025-54955

OpenNebula Community Edition CE before 7.0.0 and Enterprise Edition EE before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token JWT belonging to a legitimate user without knowled...

8.1CVSS5.9AI score0.00343EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/08/02 11:15 p.m.•2 views

CVE-2023-32253

A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...

5.9CVSS6.2AI score0.00298EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/08/02 11:15 p.m.•2 views

CVE-2023-32255

A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...

5.3CVSS6AI score0.00473EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/08/02 10:15 p.m.•2 views

CVE-2025-23279

NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering...

7CVSS6AI score0.00097EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/08/02 10:15 p.m.•5 views

CVE-2025-23286

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure...

4.4CVSS5.9AI score0.00139EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/08/01 10:15 p.m.•8 views

CVE-2024-13978

A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2preadtiffinit of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally...

2.5CVSS5.3AI score0.00187EPSS
Exploits1References10
UbuntuCve
UbuntuCve
•added 2025/08/01 6:15 p.m.•24 views

CVE-2025-54574

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access...

9.8CVSS7.7AI score0.22744EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/08/01 6:15 p.m.•3 views

CVE-2025-49832

Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in asterisk/res/resstirshaken /verification.c that can be...

6.5CVSS6AI score0.00446EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/08/01 6:15 p.m.•3 views

CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue...

7.5CVSS7AI score0.00526EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/08/01 5:15 p.m.•2 views

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

5.5CVSS5.9AI score0.00259EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/08/01 3:15 p.m.•2 views

CVE-2025-45767

jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication...

7CVSS6.4AI score0.00145EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/08/01 12:0 a.m.•6 views

CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

9.8CVSS5.9AI score0.00235EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/08/01 12:0 a.m.•3 views

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...

6.9CVSS5.9AI score0.04982EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/07/31 9:15 p.m.•3 views

CVE-2025-48073

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...

6.2CVSS5.9AI score0.00198EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/07/31 9:15 p.m.•1 views

CVE-2023-32251

A vulnerability has been identified in the Linux kernel's ksmbd component kernel SMB/CIFS server. A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the...

3.7CVSS5.8AI score0.00433EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/31 9:15 p.m.•4 views

CVE-2025-45768

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement...

7CVSS5.9AI score0.0016EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/31 9:15 p.m.•2 views

CVE-2025-48072

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...

9.1CVSS6.1AI score0.00496EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/07/31 9:15 p.m.•4 views

CVE-2025-48071

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

8.4CVSS7.3AI score0.00312EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/07/31 8:15 p.m.•9 views

CVE-2025-45770

jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant ...

7CVSS5.8AI score0.00124EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/07/31 9:15 a.m.•3 views

CVE-2025-24853

A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...

7.5CVSS5.9AI score0.00525EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/31 9:15 a.m.•3 views

CVE-2025-24854

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...

6.1CVSS5.9AI score0.00447EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/30 8:15 p.m.•2 views

CVE-2025-53022

TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...

8.6CVSS6AI score0.0043EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/30 4:15 p.m.•4 views

CVE-2023-2593

A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system...

5.9CVSS6.2AI score0.00726EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/07/30 3:15 p.m.•1 views

CVE-2025-53112

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.1...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/30 3:15 p.m.•1 views

CVE-2025-53111

GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/30 3:15 p.m.•1 views

CVE-2025-53357

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can alter the reservations of another user. Thi...

5.4CVSS5.9AI score0.00176EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/30 3:15 p.m.•1 views

CVE-2025-53113

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...

2.7CVSS5.9AI score0.00228EPSS
Exploits0References2
Total number of security vulnerabilities68528