Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2025/07/17 8:15 p.m.•5 views

CVE-2024-41148

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...

7.8CVSS5.9AI score0.0019EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/17 8:15 p.m.•6 views

CVE-2024-39835

A code injection vulnerability has been identified in the Robot Operating System ROS 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval method to process user-supplied, unsanitized parameter values within the...

7.8CVSS6AI score0.00175EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/17 8:15 p.m.•4 views

CVE-2025-3753

A code execution vulnerability has been identified in the Robot Operating System ROS 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval function to process unsanitized, user-supplied input in the 'rosbag filter' command. This...

7.8CVSS6.4AI score0.00195EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/17 8:15 p.m.•4 views

CVE-2024-39289

A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...

7.8CVSS6.4AI score0.00177EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/17 8:15 p.m.•4 views

CVE-2024-41921

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...

7.8CVSS6AI score0.0019EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/17 7:15 p.m.•4 views

CVE-2025-53816

7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue...

7.5CVSS7.2AI score0.00635EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/07/17 7:15 p.m.•2 views

CVE-2025-53817

7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue...

7.5CVSS7AI score0.00614EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/07/17 6:15 p.m.•5 views

CVE-2025-53644

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...

9.8CVSS6AI score0.00371EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/07/17 4:15 p.m.•5 views

CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

3.4CVSS6.7AI score0.00174EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/17 2:15 p.m.•18 views

CVE-2025-1713

When setting up interrupt remapping for legacy PCI-X devices, including PCI-X bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock...

7.5CVSS6.6AI score0.00723EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/17 11:15 a.m.•6 views

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

4.3CVSS6.3AI score0.0089EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/07/17 12:0 a.m.•4 views

CVE-2025-5994

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...

8.7CVSS6.8AI score0.00188EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/17 12:0 a.m.•4 views

CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/16 2:15 p.m.•6 views

CVE-2025-53840

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...

2.4CVSS5.8AI score0.0026EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/16 2:15 p.m.•7 views

CVE-2025-40918

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

6.5CVSS5.8AI score0.00394EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/16 2:15 p.m.•18 views

CVE-2025-40776

A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6CVSS7.2AI score0.00197EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/16 1:15 p.m.•4 views

CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3CVSS5.8AI score0.00329EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/07/16 9:15 a.m.•5 views

CVE-2025-27465

Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up an...

4.3CVSS5.9AI score0.00554EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/16 12:0 a.m.•7 views

CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

7.5CVSS7.2AI score0.00877EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/15 9:15 p.m.•8 views

CVE-2025-53906

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...

4.1CVSS6.9AI score0.00731EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/07/15 9:15 p.m.•4 views

CVE-2025-53905

Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successful...

4.1CVSS6.6AI score0.00242EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/07/15 9:15 p.m.•3 views

CVE-2025-30761

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

5.9CVSS6.8AI score0.00551EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•3 views

CVE-2025-30754

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0....

4.8CVSS6.8AI score0.00381EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•3 views

CVE-2025-50078

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS7AI score0.00525EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50101

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS7AI score0.00468EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•3 views

CVE-2025-50085

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.5CVSS7AI score0.00425EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•3 views

CVE-2025-50104

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

2.7CVSS7AI score0.00423EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50095

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9CVSS7AI score0.00485EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•5 views

CVE-2025-50100

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

2.2CVSS7AI score0.00358EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•5 views

CVE-2025-50103

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4CVSS7AI score0.0041EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•5 views

CVE-2025-50092

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7AI score0.00559EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•3 views

CVE-2025-50087

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS7AI score0.00424EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•6 views

CVE-2025-50097

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS7AI score0.00468EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50063

Vulnerability in Oracle Java SE component: Install. The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks...

7.3CVSS6.9AI score0.00245EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50096

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to...

4.4CVSS7AI score0.00185EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50093

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS7AI score0.00559EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•5 views

CVE-2025-50098

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

2.7CVSS7AI score0.00426EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•2 views

CVE-2025-53029

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

2.3CVSS7.1AI score0.00219EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•2 views

CVE-2025-53025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

6CVSS6.7AI score0.00291EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-53030

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

6CVSS7.1AI score0.00238EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•3 views

CVE-2025-30752

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: Compiler. The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

3.7CVSS7.1AI score0.0057EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•2 views

CVE-2025-53024

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

8.2CVSS7.1AI score0.00238EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•2 views

CVE-2025-53032

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9CVSS7AI score0.00485EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50082

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

6.5CVSS7AI score0.00525EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•2 views

CVE-2025-53026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

6CVSS6.7AI score0.00291EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50089

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9CVSS7AI score0.00592EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•3 views

CVE-2025-50081

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

3.1CVSS7AI score0.00244EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•3 views

CVE-2025-53028

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

8.2CVSS7.1AI score0.00233EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50094

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.42, 8.4.5 and 9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS7AI score0.00485EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/07/15 8:15 p.m.•4 views

CVE-2025-50091

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS7AI score0.00564EPSS
Exploits0References4
Total number of security vulnerabilities68528