Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2026/04/22 2:16 p.m.•8 views

CVE-2026-31436

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llistabortdesc At the end of this function, d is the traversal cursor of flist, but the code completes found instead. This can lead to issues such as NULL pointer...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 2:16 p.m.•8 views

CVE-2026-33596

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...

6.5CVSS5.8AI score0.00169EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 2:16 p.m.•7 views

CVE-2026-31511

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmtaddadvpatternsmonitorcomplete This fixes the condition checking so mgmtpendingvalid is executed whenever status != -ECANCELED otherwise calling mgmtpendingfreecmd would kfreecmd withou...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 2:16 p.m.•6 views

CVE-2026-31521

In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol stshndx is out of bounds The module loader doesn't check for bounds of the ELF section index in simplifysymbols: for i = 1; i shsize / sizeofElfSym; i++ const char name = info-strtab +...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 p.m.•13 views

CVE-2026-35328

Infinite Loop When Handling Supported Versions TLS Extension...

5.7AI score
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 p.m.•12 views

CVE-2026-35333

Integer Underflow When Handling RADIUS Attributes...

5.7AI score
Exploits3References4
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 p.m.•9 views

CVE-2026-35334

Possible NULL-Pointer Dereference in RSA Decryption...

5.7AI score
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 p.m.•14 views

CVE-2026-35330

Integer Underflow When Handling EAP-SIM/AKA Attributes...

5.7AI score
Exploits3References4
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 p.m.•13 views

CVE-2026-35332

NULL-Pointer Dereference When Handling ECDH Public Value in TLS...

5.7AI score
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 p.m.•12 views

CVE-2026-35331

Accepting Certificates Violating Name Constraints...

5.8AI score
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 p.m.•11 views

CVE-2026-35329

NULL-Pointer Dereference When Processing Padding in PKCS7...

5.7AI score
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•5 views

CVE-2026-33601

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

4.9CVSS5.8AI score0.00512EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•5 views

CVE-2026-33261

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service...

5.9CVSS5.8AI score0.00228EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•7 views

CVE-2026-33258

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•7 views

CVE-2026-33259

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider...

5CVSS5.8AI score0.00225EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•5 views

CVE-2026-33262

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default...

5.9CVSS5.8AI score0.00418EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•4 views

CVE-2026-33260

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5CVSS5.8AI score0.00524EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•6 views

CVE-2026-33256

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•6 views

CVE-2026-33257

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5CVSS5.8AI score0.00514EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 10:16 a.m.•5 views

CVE-2026-33600

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service...

4.9CVSS5.8AI score0.00523EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 9:16 a.m.•13 views

CVE-2026-6845

A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service DoS by tricking a user into processing a specially crafted Executable and Linkable Format ELF file. The exploitation of this flaw can lead to the system...

5CVSS5.7AI score0.00141EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 9:16 a.m.•10 views

CVE-2026-31433

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in getfileallinfo for compound requests When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION and the first command consumes nearly the entire maxtranssize, getfileallinfo woul...

8.8CVSS5.9AI score0.006EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 9:16 a.m.•5 views

CVE-2026-6844

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

5.5CVSS5.7AI score0.00104EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 9:16 a.m.•16 views

CVE-2026-6846

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF Extended Common Object File Format object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...

7.8CVSS5.9AI score0.00171EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 9:16 a.m.•6 views

CVE-2026-6843

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...

5.5CVSS5.7AI score0.00108EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/04/22 9:16 a.m.•5 views

CVE-2026-31432

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERYINFO for compound requests When a compound request such as READ + QUERYINFOSecurity is received, and the first command READ consumes most of the response buffer, ksmbd could write beyond the allocated...

8.8CVSS5.9AI score0.00507EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 9:16 a.m.•20 views

CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

7.8CVSS6.8AI score0.96267EPSS
Exploits228References26
UbuntuCve
UbuntuCve
•added 2026/04/22 8:16 a.m.•4 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/04/22 8:16 a.m.•4 views

CVE-2026-6842

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...

2.5CVSS5.7AI score0.00085EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 a.m.•5 views

CVE-2026-22753

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 a.m.•6 views

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

9.8CVSS5.8AI score0.00498EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 a.m.•7 views

CVE-2026-22747

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

8.1CVSS5.8AI score0.00296EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 a.m.•5 views

CVE-2026-22748

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

6.5CVSS5.8AI score0.00203EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 a.m.•8 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 a.m.•7 views

CVE-2026-22746

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/22 12:0 a.m.•5 views

CVE-2026-22754

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•11 views

CVE-2026-22003

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows low privileged...

6CVSS7.3AI score0.00101EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•5 views

CVE-2026-34270

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•9 views

CVE-2026-34276

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•6 views

CVE-2026-35238

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7.2AI score0.00242EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•6 views

CVE-2026-34308

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•10 views

CVE-2026-22004

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7.2AI score0.00323EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•5 views

CVE-2026-35240

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS7.2AI score0.00242EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•7 views

CVE-2026-34271

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•13 views

CVE-2026-22008

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

3.7CVSS7.3AI score0.00206EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•10 views

CVE-2026-34282

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

7.5CVSS7.3AI score0.00635EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•4 views

CVE-2026-35248

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

5CVSS7.2AI score0.00096EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•11 views

CVE-2026-22017

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•6 views

CVE-2026-34319

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

5CVSS7.2AI score0.00153EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/21 9:16 p.m.•6 views

CVE-2026-35234

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Partition. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9CVSS7.2AI score0.00299EPSS
Exploits0References1
Total number of security vulnerabilities68528