Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.5 views

CVE-2025-50088

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7AI score0.00564EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.4 views

CVE-2025-50077

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7AI score0.00564EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.3 views

CVE-2025-53027

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

8.2CVSS7.1AI score0.00233EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.4 views

CVE-2025-50080

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS7AI score0.00559EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.2 views

CVE-2025-50086

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS7AI score0.00517EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.3 views

CVE-2025-50084

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS7AI score0.00517EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.2 views

CVE-2025-50083

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

6.5CVSS7AI score0.00529EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.3 views

CVE-2025-50076

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

6.5CVSS7AI score0.00525EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.6 views

CVE-2025-50079

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS7AI score0.00564EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.8 views

CVE-2025-50059

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1...

8.6CVSS6.9AI score0.00501EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.5 views

CVE-2025-50099

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7AI score0.00472EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.4 views

CVE-2025-50106

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS6.8AI score0.00611EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.2 views

CVE-2025-53023

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

4.9CVSS7AI score0.00485EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.4 views

CVE-2025-50102

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS7AI score0.00468EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/15 8:15 p.m.6 views

CVE-2025-30749

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS6.8AI score0.01058EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2025/07/15 6:15 p.m.5 views

CVE-2025-7657

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.00497EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/15 6:15 p.m.4 views

CVE-2025-6558

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.09185EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/15 6:15 p.m.4 views

CVE-2025-7656

Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.0863EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/15 1:15 p.m.5 views

CVE-2025-34104

An authenticated remote code execution vulnerability exists in Piwik now Matomo versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a malicious plugin ZIP archive, leading to arbitrary PHP code...

9.4CVSS6.5AI score0.00893EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/07/15 12:0 a.m.8 views

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...

9.8CVSS6.8AI score0.73495EPSS
Exploits3References3
UbuntuCve
UbuntuCve
added 2025/07/14 9:15 p.m.5 views

CVE-2025-53643

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...

7.5CVSS6.8AI score0.00297EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/14 9:15 p.m.6 views

CVE-2025-53819

Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges root, instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available...

7.9CVSS5.9AI score0.00122EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/14 8:15 p.m.6 views

CVE-2025-53019

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick stream command, specifying multiple consecutive %d format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and...

7.5CVSS5.9AI score0.00466EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/14 8:15 p.m.4 views

CVE-2025-53015

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue...

7.5CVSS5.9AI score0.00707EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/07/14 8:15 p.m.5 views

CVE-2025-53101

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick mogrify command, specifying multiple consecutive %d format specifiers in a filename template causes internal pointer arithmetic to...

9.8CVSS5.9AI score0.00792EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/07/14 6:15 p.m.7 views

CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

9.8CVSS6.1AI score0.00617EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/07/14 2:15 p.m.5 views

CVE-2025-7519

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account i...

6.7CVSS6.7AI score0.00184EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/14 10:15 a.m.3 views

CVE-2025-53689

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 Java 8, 2.22.1 Java 11 or 2.23.2 Java 11, beta versions, which fix this issue...

8.8CVSS7AI score0.00466EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/13 11:15 p.m.5 views

CVE-2025-1735

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

7.5CVSS7AI score0.00953EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/13 11:15 p.m.4 views

CVE-2025-1220

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

5.3CVSS6.6AI score0.00514EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/07/13 10:15 p.m.4 views

CVE-2025-7545

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysection of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

7.8CVSS5.4AI score0.00254EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/13 10:15 p.m.3 views

CVE-2025-7546

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

7.8CVSS5.3AI score0.00172EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/13 10:15 p.m.5 views

CVE-2025-6491

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...

5.9CVSS7AI score0.00944EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/07/13 8:15 p.m.4 views

CVE-2025-53865

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive...

6.4CVSS5.8AI score0.00184EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/12 7:15 a.m.2 views

CVE-2025-7464

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

6.3CVSS4.5AI score0.00406EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/12 6:15 a.m.4 views

CVE-2025-7462

A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdfferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer...

5.3CVSS5.7AI score0.00388EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/07/12 4:15 a.m.4 views

CVE-2025-24294

The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/12 12:15 a.m.4 views

CVE-2025-5199

In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup...

7.8CVSS5.8AI score0.0015EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/07/11 5:15 p.m.8 views

CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

4.1CVSS6.7AI score0.00433EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2025/07/11 3:15 p.m.1 views

CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

5.3CVSS6.7AI score0.02164EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/11 2:15 p.m.2 views

CVE-2025-51591

A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...

3.7CVSS6.1AI score0.00609EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/07/11 12:0 a.m.3 views

CVE-2025-5992

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1...

2.3CVSS5.8AI score0.00278EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/11 12:0 a.m.3 views

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

5.8CVSS6.9AI score0.00806EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/10 8:15 p.m.3 views

CVE-2025-53630

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the ggufinitfromfileimpl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...

9.3CVSS5.9AI score0.00318EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/10 8:15 p.m.5 views

CVE-2025-53506

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...

7.5CVSS7AI score0.01898EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/10 8:15 p.m.3 views

CVE-2025-53628

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related...

8.8CVSS5.7AI score0.00442EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/07/10 8:15 p.m.3 views

CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

7.5CVSS5.7AI score0.00505EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/07/10 7:15 p.m.10 views

CVE-2025-52434

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 throug...

7.5CVSS7AI score0.01819EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/10 7:15 p.m.9 views

CVE-2025-52520

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following...

7.5CVSS7AI score0.0196EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/10 5:15 p.m.5 views

CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

7.5CVSS6.8AI score0.00679EPSS
Exploits0References6
Total number of security vulnerabilities68528