Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2013/06/10 5:55 p.m.1103 views

CVE-2013-1862

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

5.1CVSS6.9AI score0.3021EPSS
Web
CVE
CVE
added 2018/03/26 3:29 p.m.1100 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

7.5CVSS7.3AI score0.22292EPSS
CVE
CVE
added 2019/03/08 9:29 p.m.1086 views

CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse...

9.8CVSS9.4AI score0.09135EPSS
CVE
CVE
added 2014/06/07 2:55 p.m.1084 views

CVE-2014-3153

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

7.8CVSS6.5AI score0.80511EPSS
In wild
CVE
CVE
added 2016/05/05 6:59 p.m.1066 views

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.8CVSS6.3AI score0.86045EPSS
In wild
CVE
CVE
added 2016/05/05 6:59 p.m.1062 views

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.5CVSS6.7AI score0.87335EPSS
In wild
CVE
CVE
added 2019/06/19 11:15 p.m.1062 views

CVE-2019-12900

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

9.8CVSS9.6AI score0.01371EPSS
CVE
CVE
added 2018/01/04 1:29 p.m.1059 views

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS6.1AI score0.94304EPSS
CVE
CVE
added 2022/02/16 7:15 p.m.1055 views

CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vu...

7.8CVSS6.1AI score0.08682EPSS
In wild
CVE
CVE
added 2010/12/14 4:0 p.m.1051 views

CVE-2010-4345

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

7.8CVSS8.8AI score0.05675EPSS
In wildWeb
CVE
CVE
added 2005/09/06 11:3 p.m.1048 views

CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

10CVSS9.3AI score0.0622EPSS
CVE
CVE
added 2013/05/16 11:45 a.m.1039 views

CVE-2013-1675

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sen...

6.5CVSS8.7AI score0.02572EPSS
In wild
CVE
CVE
added 2017/09/07 6:29 a.m.1021 views

CVE-2017-14174

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop ove...

7.1CVSS6.2AI score0.00646EPSS
CVE
CVE
added 2016/03/29 10:59 a.m.1007 views

CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted ...

9.3CVSS8.7AI score0.71722EPSS
In wild
CVE
CVE
added 2018/03/26 3:29 p.m.1004 views

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter a...

5.9CVSS6.4AI score0.08446EPSS
CVE
CVE
added 2019/12/20 5:15 p.m.1003 views

CVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2...

9.8CVSS8.8AI score0.48499EPSS
CVE
CVE
added 2010/04/01 4:30 p.m.1002 views

CVE-2010-0840

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from t...

9.8CVSS7.9AI score0.92554EPSS
In wild
CVE
CVE
added 2017/04/06 9:59 p.m.997 views

CVE-2016-8735

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency wit...

9.8CVSS8AI score0.94003EPSS
In wild
CVE
CVE
added 2020/04/01 4:15 a.m.994 views

CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

8.8CVSS8.2AI score0.05387EPSS
In wild
CVE
CVE
added 2022/02/21 3:15 p.m.967 views

CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and w...

9CVSS8.9AI score0.24962EPSS
Web
CVE
CVE
added 2020/04/23 3:15 p.m.965 views

CVE-2020-11945

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if...

9.8CVSS9.7AI score0.22073EPSS
CVE
CVE
added 2022/03/04 7:15 p.m.961 views

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

7.5CVSS7.6AI score0.00138EPSS
CVE
CVE
added 2020/06/15 2:15 p.m.953 views

CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5CVSS6.3AI score0.00533EPSS
CVE
CVE
added 2019/03/23 6:29 p.m.944 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

9.1CVSS9.4AI score0.01118EPSS
CVE
CVE
added 2019/12/23 6:15 p.m.935 views

CVE-2019-12418

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user na...

7CVSS7.2AI score0.012EPSS
CVE
CVE
added 2019/01/27 2:29 a.m.926 views

CVE-2019-6977

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to tri...

8.8CVSS8.6AI score0.90016EPSS
Web
CVE
CVE
added 2015/08/08 12:59 a.m.925 views

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wi...

8.8CVSS6.6AI score0.69924EPSS
In wildWeb
CVE
CVE
added 2017/05/23 4:29 a.m.925 views

CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

9.8CVSS9.9AI score0.05001EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.905 views

CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to a...

7.5CVSS8.3AI score0.06947EPSS
CVE
CVE
added 2020/07/14 3:15 p.m.899 views

CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of se...

7.5CVSS7.5AI score0.92195EPSS
CVE
CVE
added 2009/07/10 3:30 p.m.877 views

CVE-2009-1891

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

7.1CVSS7.3AI score0.14811EPSS
CVE
CVE
added 2019/06/07 6:29 p.m.874 views

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. Wh...

9.8CVSS9.7AI score0.09135EPSS
CVE
CVE
added 2015/04/01 2:0 a.m.859 views

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic tha...

5CVSS4.8AI score0.4884EPSS
CVE
CVE
added 2022/02/18 6:15 p.m.843 views

CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

8.5CVSS8.1AI score0.00154EPSS
CVE
CVE
added 2014/04/15 10:55 a.m.842 views

CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

5CVSS5.7AI score0.8313EPSS
CVE
CVE
added 2020/05/19 2:15 p.m.841 views

CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

7.5CVSS7.2AI score0.92276EPSS
Web
CVE
CVE
added 2019/07/11 7:15 p.m.837 views

CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends wi...

9.8CVSS9.2AI score0.46527EPSS
CVE
CVE
added 2020/04/01 4:15 a.m.833 views

CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

6.5CVSS6.8AI score0.01617EPSS
In wild
CVE
CVE
added 2019/03/09 12:29 a.m.832 views

CVE-2019-9638

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

7.5CVSS8.3AI score0.091EPSS
CVE
CVE
added 2019/11/20 6:15 p.m.826 views

CVE-2019-3466

The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

7.8CVSS7.4AI score0.00131EPSS
CVE
CVE
added 2019/02/27 11:29 p.m.825 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.0708EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.820 views

CVE-2019-9639

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

7.5CVSS8.3AI score0.10432EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.802 views

CVE-2017-14496

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

7.8CVSS8.1AI score0.15737EPSS
Web
CVE
CVE
added 2020/06/17 10:15 p.m.797 views

CVE-2020-8619

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry ...

4.9CVSS5.3AI score0.05531EPSS
CVE
CVE
added 2020/02/04 8:15 p.m.793 views

CVE-2020-8450

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

7.5CVSS7.5AI score0.44655EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.791 views

CVE-2017-14493

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

9.8CVSS9AI score0.05615EPSS
CVE
CVE
added 2020/09/27 4:15 a.m.790 views

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

7.2CVSS7.3AI score0.00579EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.789 views

CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STR...

7.8CVSS7.9AI score0.04545EPSS
CVE
CVE
added 2018/05/16 4:29 p.m.784 views

CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their e...

9.8CVSS8.6AI score0.5706EPSS
CVE
CVE
added 2020/03/12 7:15 p.m.775 views

CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

8.8CVSS8.7AI score0.00538EPSS
Total number of security vulnerabilities4105