Lucene search

K
CanonicalUbuntu Linux

4098 matches found

CVE
CVE
added 2011/02/22 7:0 p.m.1811 views

CVE-2011-1002

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

5CVSS7.8AI score0.75281EPSS
CVE
CVE
added 2019/09/28 2:15 a.m.1792 views

CVE-2019-16935

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary Jav...

6.1CVSS6.8AI score0.00649EPSS
CVE
CVE
added 2019/06/05 2:29 p.m.1703 views

CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

10CVSS9.6AI score0.93927EPSS
CVE
CVE
added 2014/03/18 5:18 a.m.1701 views

CVE-2013-6438

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

5CVSS8AI score0.36218EPSS
CVE
CVE
added 2020/05/11 2:15 p.m.1631 views

CVE-2020-12783

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

7.5CVSS7.5AI score0.02632EPSS
CVE
CVE
added 2020/10/02 3:15 p.m.1590 views

CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

6.5CVSS6.2AI score0.08351EPSS
CVE
CVE
added 2019/02/22 11:29 p.m.1560 views

CVE-2019-9020

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrp...

9.8CVSS8.4AI score0.03999EPSS
CVE
CVE
added 2015/07/20 11:59 p.m.1519 views

CVE-2015-3185

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions...

4.3CVSS6.6AI score0.07873EPSS
CVE
CVE
added 2018/10/09 5:29 p.m.1515 views

CVE-2018-18074

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

7.5CVSS6.7AI score0.00219EPSS
CVE
CVE
added 2020/02/03 11:15 p.m.1514 views

CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

9.8CVSS8.4AI score0.67512EPSS
CVE
CVE
added 2018/09/25 9:29 p.m.1475 views

CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

5.9CVSS5.6AI score0.18884EPSS
CVE
CVE
added 2022/02/18 6:15 p.m.1460 views

CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could...

9CVSS7.5AI score0.00182EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.1449 views

CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted ...

8.1CVSS7.5AI score0.94394EPSS
CVE
CVE
added 2019/07/17 1:15 p.m.1434 views

CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a par...

7.8CVSS7.7AI score0.75438EPSS
CVE
CVE
added 2016/07/19 2:0 a.m.1409 views

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary ...

8.1CVSS8AI score0.7312EPSS
CVE
CVE
added 2020/04/30 5:15 p.m.1380 views

CVE-2020-11651

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the sal...

9.8CVSS9.6AI score0.94367EPSS
CVE
CVE
added 2020/02/24 10:15 p.m.1370 views

CVE-2020-1935

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse prox...

5.8CVSS7.4AI score0.00618EPSS
CVE
CVE
added 2019/10/11 7:15 p.m.1367 views

CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network f...

7.8CVSS7.5AI score0.4903EPSS
CVE
CVE
added 2018/02/08 11:29 p.m.1318 views

CVE-2018-6789

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

9.8CVSS9.6AI score0.84925EPSS
CVE
CVE
added 2020/05/20 7:15 p.m.1317 views

CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the Persisten...

7CVSS7.5AI score0.93416EPSS
CVE
CVE
added 2016/02/15 7:59 p.m.1313 views

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.

9.8CVSS9.5AI score0.11577EPSS
CVE
CVE
added 2018/01/04 1:29 p.m.1310 views

CVE-2017-5715

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS6.2AI score0.91016EPSS
CVE
CVE
added 2020/04/30 5:15 p.m.1289 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

6.5CVSS7.8AI score0.93939EPSS
CVE
CVE
added 2019/02/22 11:29 p.m.1281 views

CVE-2019-9021

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the fil...

9.8CVSS8.5AI score0.33234EPSS
CVE
CVE
added 2020/07/22 5:15 p.m.1275 views

CVE-2020-6514

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

6.5CVSS7.3AI score0.11514EPSS
CVE
CVE
added 2019/02/22 11:29 p.m.1266 views

CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

7.5CVSS8.3AI score0.16399EPSS
CVE
CVE
added 2018/06/18 6:29 p.m.1245 views

CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

7.5CVSS6.3AI score0.16313EPSS
CVE
CVE
added 2024/01/08 6:15 p.m.1238 views

CVE-2022-3328

Race condition in snap-confine's must_mkdir_and_open_with_perms()

7.8CVSS6.6AI score0.0011EPSS
CVE
CVE
added 2014/09/25 1:55 a.m.1237 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

10CVSS8.4AI score0.9422EPSS
CVE
CVE
added 2010/12/14 4:0 p.m.1219 views

CVE-2010-4344

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

9.8CVSS9.7AI score0.57471EPSS
CVE
CVE
added 2013/07/10 8:55 p.m.1201 views

CVE-2013-1896

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain hr...

4.3CVSS6.2AI score0.33441EPSS
CVE
CVE
added 2020/10/02 3:15 p.m.1197 views

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being...

5.3CVSS6.5AI score0.22886EPSS
CVE
CVE
added 2011/10/19 9:55 p.m.1189 views

CVE-2011-3544

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Script...

10CVSS8.5AI score0.93041EPSS
CVE
CVE
added 2021/04/17 5:15 a.m.1175 views

CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivil...

8.8CVSS7.5AI score0.72208EPSS
CVE
CVE
added 2023/10/03 6:15 p.m.1171 views

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS8.2AI score0.74608EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.1170 views

CVE-2019-17026

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox

8.8CVSS8.1AI score0.42007EPSS
CVE
CVE
added 2009/11/09 5:30 p.m.1166 views

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple ...

5.8CVSS6AI score0.04134EPSS
CVE
CVE
added 2020/01/29 4:15 p.m.1138 views

CVE-2020-7247

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. ...

10CVSS9.5AI score0.94036EPSS
CVE
CVE
added 2019/12/23 5:15 p.m.1135 views

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this...

7.5CVSS7.7AI score0.04359EPSS
CVE
CVE
added 2015/05/21 12:59 a.m.1130 views

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

4.3CVSS4.8AI score0.94027EPSS
CVE
CVE
added 2020/02/04 3:15 p.m.1120 views

CVE-2019-9674

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

7.5CVSS7.1AI score0.0123EPSS
CVE
CVE
added 2019/02/22 11:29 p.m.1114 views

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regco...

9.8CVSS8.5AI score0.19063EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.1105 views

CVE-2015-2590

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

10CVSS4.2AI score0.76849EPSS
CVE
CVE
added 2018/03/26 3:29 p.m.1101 views

CVE-2018-1301

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level)...

5.9CVSS7.5AI score0.07833EPSS
CVE
CVE
added 2013/06/10 5:55 p.m.1098 views

CVE-2013-1862

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

5.1CVSS6.9AI score0.38401EPSS
CVE
CVE
added 2019/01/30 10:29 p.m.1091 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

5.3CVSS6.1AI score0.04923EPSS
CVE
CVE
added 2013/06/26 3:19 a.m.1088 views

CVE-2013-1690

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possi...

9.3CVSS7.4AI score0.48488EPSS
CVE
CVE
added 2013/04/17 6:55 p.m.1084 views

CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

4.3CVSS8AI score0.93539EPSS
CVE
CVE
added 2018/03/26 3:29 p.m.1084 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

7.5CVSS7.3AI score0.31173EPSS
CVE
CVE
added 2013/01/10 9:55 p.m.1081 views

CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...

10CVSS8.2AI score0.9414EPSS
Total number of security vulnerabilities4098