Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2018/02/15 8:29 p.m.85 views

CVE-2018-7053

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

9.8CVSS9.2AI score0.00821EPSS
CVE
CVE
added 2007/04/06 1:19 a.m.84 views

CVE-2007-1216

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary co...

9CVSS9.3AI score0.11518EPSS
CVE
CVE
added 2007/07/30 11:17 p.m.84 views

CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that trigg...

6.8CVSS7.9AI score0.11401EPSS
CVE
CVE
added 2007/09/04 6:17 p.m.84 views

CVE-2007-3998

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""'...

5CVSS7.4AI score0.05186EPSS
CVE
CVE
added 2008/03/17 9:44 p.m.84 views

CVE-2008-0888

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

9.3CVSS9.6AI score0.21439EPSS
CVE
CVE
added 2009/01/26 3:30 p.m.84 views

CVE-2009-0269

fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array in...

4.9CVSS5AI score0.00082EPSS
CVE
CVE
added 2009/01/28 6:30 p.m.84 views

CVE-2009-0322

drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.

4.9CVSS4.3AI score0.00045EPSS
Web
CVE
CVE
added 2009/04/17 2:30 p.m.84 views

CVE-2009-1186

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

2.1CVSS6AI score0.00087EPSS
CVE
CVE
added 2009/06/25 1:30 a.m.84 views

CVE-2009-1888

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory...

5.8CVSS6.2AI score0.05822EPSS
CVE
CVE
added 2011/07/07 9:55 p.m.84 views

CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

4.3CVSS6.8AI score0.0151EPSS
CVE
CVE
added 2011/07/17 8:55 p.m.84 views

CVE-2011-2501

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of erro...

6.5CVSS7AI score0.02457EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.84 views

CVE-2012-0259

The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

6.5CVSS6.8AI score0.01434EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.84 views

CVE-2012-3989

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion fai...

9.3CVSS9.5AI score0.00854EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.84 views

CVE-2012-4180

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecifie...

9.3CVSS9.6AI score0.09485EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.84 views

CVE-2013-0371

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.

4CVSS4.5AI score0.00713EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.84 views

CVE-2013-0765

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

9.3CVSS6.3AI score0.01424EPSS
CVE
CVE
added 2014/02/28 6:18 a.m.84 views

CVE-2014-2038

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by wri...

2.1CVSS6.7AI score0.00051EPSS
CVE
CVE
added 2014/12/16 11:59 p.m.84 views

CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demo...

3.5CVSS6.4AI score0.00458EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.84 views

CVE-2015-0825

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.

4.3CVSS8.8AI score0.00758EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.84 views

CVE-2015-0830

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

5CVSS8.8AI score0.01074EPSS
CVE
CVE
added 2015/04/05 9:59 p.m.84 views

CVE-2015-1465

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood o...

7.8CVSS5.7AI score0.07718EPSS
CVE
CVE
added 2015/08/11 2:59 p.m.84 views

CVE-2015-5522

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

6.8CVSS6.8AI score0.04193EPSS
CVE
CVE
added 2015/11/16 11:59 a.m.84 views

CVE-2015-7312

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to ...

4.4CVSS5.8AI score0.00039EPSS
CVE
CVE
added 2015/12/29 10:59 p.m.84 views

CVE-2015-7540

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

7.5CVSS5.9AI score0.10967EPSS
CVE
CVE
added 2016/06/16 6:59 p.m.84 views

CVE-2016-2391

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

5CVSS6AI score0.00061EPSS
CVE
CVE
added 2016/04/07 7:59 p.m.84 views

CVE-2016-2858

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

6.5CVSS6.9AI score0.00124EPSS
CVE
CVE
added 2016/06/01 10:59 p.m.84 views

CVE-2016-4453

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

4.9CVSS5.8AI score0.0006EPSS
CVE
CVE
added 2017/09/07 6:29 a.m.84 views

CVE-2017-14173

In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims ...

6.5CVSS7.1AI score0.01402EPSS
CVE
CVE
added 2019/01/31 4:29 p.m.84 views

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

7.8CVSS7.6AI score0.00736EPSS
CVE
CVE
added 2018/12/20 11:29 p.m.84 views

CVE-2018-20191

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

7.5CVSS6.9AI score0.01625EPSS
CVE
CVE
added 2018/02/15 8:29 p.m.84 views

CVE-2018-7050

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.

7.5CVSS8.3AI score0.01142EPSS
CVE
CVE
added 2020/04/22 10:15 p.m.84 views

CVE-2020-8833

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash f...

5.6CVSS5.2AI score0.00047EPSS
CVE
CVE
added 2025/05/30 6:15 p.m.84 views

CVE-2025-5054

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function _check_global_pid_and_forward, which detects if the crashing process resided in a container, was being call...

4.7CVSS6.1AI score0.00013EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.83 views

CVE-2006-6503

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

6.8CVSS5.5AI score0.21579EPSS
CVE
CVE
added 2007/06/26 10:30 p.m.83 views

CVE-2007-2443

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

8.3CVSS9.5AI score0.2536EPSS
CVE
CVE
added 2008/06/16 9:41 p.m.83 views

CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the ...

9.3CVSS9.2AI score0.09987EPSS
CVE
CVE
added 2008/08/08 6:41 p.m.83 views

CVE-2008-3272

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obt...

2.1CVSS5.8AI score0.00063EPSS
Web
CVE
CVE
added 2008/08/27 8:41 p.m.83 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

6.5CVSS6.3AI score0.00802EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.83 views

CVE-2008-5017

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

10CVSS9.4AI score0.17422EPSS
CVE
CVE
added 2009/04/23 5:30 p.m.83 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

5CVSS7.2AI score0.09351EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.83 views

CVE-2010-2955

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c,...

2.1CVSS5.7AI score0.00093EPSS
CVE
CVE
added 2020/02/20 6:15 p.m.83 views

CVE-2011-4915

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2012/05/29 8:55 p.m.83 views

CVE-2012-1988

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pa...

6CVSS7AI score0.00492EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.83 views

CVE-2012-3967

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remo...

9.3CVSS9.3AI score0.00593EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.83 views

CVE-2012-4202

Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF ima...

9.3CVSS9AI score0.06753EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.83 views

CVE-2012-4213

Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS8.8AI score0.02868EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.83 views

CVE-2013-5611

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

5.8CVSS9AI score0.00882EPSS
CVE
CVE
added 2014/10/29 10:55 a.m.83 views

CVE-2014-3694

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o...

6.4CVSS8.5AI score0.01448EPSS
CVE
CVE
added 2016/09/20 2:15 p.m.83 views

CVE-2015-8930

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

7.5CVSS7.5AI score0.04803EPSS
CVE
CVE
added 2016/04/21 10:59 a.m.83 views

CVE-2016-0661

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.

4.7CVSS4.8AI score0.00229EPSS
Total number of security vulnerabilities4105