Lucene search

K
CanonicalUbuntu Linux

4105 matches found

cve
cve
added 2016/04/13 2:59 p.m.85 views

CVE-2016-1577

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.

7.6CVSS6.9AI score0.31457EPSS
cve
cve
added 2016/06/16 6:59 p.m.85 views

CVE-2016-2391

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

5CVSS6AI score0.00061EPSS
cve
cve
added 2016/09/27 3:59 p.m.85 views

CVE-2016-7044

The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.

7.5CVSS7.5AI score0.01934EPSS
cve
cve
added 2017/03/23 6:59 p.m.85 views

CVE-2016-9388

The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

5.5CVSS5.8AI score0.00263EPSS
cve
cve
added 2017/09/07 6:29 a.m.85 views

CVE-2017-14173

In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims ...

6.5CVSS7.1AI score0.01402EPSS
cve
cve
added 2017/12/14 6:29 a.m.85 views

CVE-2017-17682

In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.

7.1CVSS6.6AI score0.01465EPSS
cve
cve
added 2018/02/15 8:29 p.m.85 views

CVE-2018-7053

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

9.8CVSS9.2AI score0.00821EPSS
cve
cve
added 2023/04/07 2:15 a.m.85 views

CVE-2020-11935

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

5.5CVSS5.1AI score0.00026EPSS
cve
cve
added 2020/05/07 12:15 a.m.85 views

CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS8.3AI score0.00595EPSS
cve
cve
added 2008/08/27 8:41 p.m.84 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

6.5CVSS6.3AI score0.00802EPSS
cve
cve
added 2009/04/17 2:30 p.m.84 views

CVE-2009-1186

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

2.1CVSS6AI score0.00087EPSS
cve
cve
added 2009/04/23 5:30 p.m.84 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

5CVSS7.2AI score0.14981EPSS
cve
cve
added 2012/08/29 10:56 a.m.84 views

CVE-2012-3968

Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a frag...

10CVSS9.2AI score0.01852EPSS
cve
cve
added 2012/10/10 5:55 p.m.84 views

CVE-2012-4182

Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of serv...

9.3CVSS9.4AI score0.04752EPSS
cve
cve
added 2013/12/03 7:55 p.m.84 views

CVE-2012-6150

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances...

3.6CVSS7.6AI score0.00149EPSS
cve
cve
added 2014/12/05 4:59 p.m.84 views

CVE-2012-6656

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

5CVSS7AI score0.01382EPSS
cve
cve
added 2013/03/22 11:59 a.m.84 views

CVE-2013-1860

Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.

6.9CVSS6.6AI score0.00087EPSS
cve
cve
added 2013/10/16 5:55 p.m.84 views

CVE-2013-5807

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

4.9CVSS4.8AI score0.00338EPSS
cve
cve
added 2014/01/18 7:55 p.m.84 views

CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5CVSS6.9AI score0.05566EPSS
cve
cve
added 2014/11/07 7:55 p.m.84 views

CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

2.1CVSS6AI score0.00059EPSS
cve
cve
added 2014/10/29 10:55 a.m.84 views

CVE-2014-3694

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o...

6.4CVSS8.5AI score0.01448EPSS
cve
cve
added 2015/04/05 9:59 p.m.84 views

CVE-2015-1465

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood o...

7.8CVSS5.7AI score0.07718EPSS
cve
cve
added 2015/08/11 2:59 p.m.84 views

CVE-2015-5522

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

6.8CVSS6.8AI score0.04193EPSS
cve
cve
added 2016/06/05 11:59 p.m.84 views

CVE-2016-1680

Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.

8.8CVSS8.7AI score0.01532EPSS
cve
cve
added 2016/02/12 5:59 a.m.84 views

CVE-2016-2330

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gi...

8.8CVSS8.9AI score0.01007EPSS
cve
cve
added 2016/04/07 7:59 p.m.84 views

CVE-2016-2858

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

6.5CVSS6.9AI score0.00124EPSS
cve
cve
added 2016/06/01 10:59 p.m.84 views

CVE-2016-4453

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

4.9CVSS5.8AI score0.0006EPSS
cve
cve
added 2019/01/31 4:29 p.m.84 views

CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

7.8CVSS7.6AI score0.00736EPSS
cve
cve
added 2018/02/15 8:29 p.m.84 views

CVE-2018-7050

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.

7.5CVSS8.3AI score0.01142EPSS
cve
cve
added 2020/05/07 12:15 a.m.84 views

CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. T...

8.8CVSS8.3AI score0.02953EPSS
cve
cve
added 2020/04/22 10:15 p.m.84 views

CVE-2020-8833

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash f...

5.6CVSS5.2AI score0.00047EPSS
cve
cve
added 2005/01/10 5:0 a.m.83 views

CVE-2004-1018

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer over...

10CVSS7.4AI score0.36629EPSS
cve
cve
added 2007/03/06 8:19 p.m.83 views

CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

7.5CVSS7.3AI score0.09983EPSS
cve
cve
added 2007/03/24 9:19 p.m.83 views

CVE-2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negativ...

9.3CVSS7.7AI score0.01986EPSS
cve
cve
added 2008/07/09 12:41 a.m.83 views

CVE-2008-2812

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/ir...

7.8CVSS7.5AI score0.00054EPSS
cve
cve
added 2008/12/17 11:30 p.m.83 views

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which genera...

6CVSS9.6AI score0.00535EPSS
cve
cve
added 2009/06/10 6:0 p.m.83 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///e...

7.5CVSS6.9AI score0.05627EPSS
Web
cve
cve
added 2010/08/19 6:0 p.m.83 views

CVE-2010-2806

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based ...

6.8CVSS9.8AI score0.09383EPSS
cve
cve
added 2010/09/30 3:0 p.m.83 views

CVE-2010-3297

The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

2.1CVSS5.5AI score0.00071EPSS
cve
cve
added 2010/09/30 3:0 p.m.83 views

CVE-2010-3298

The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

2.1CVSS6.8AI score0.00071EPSS
cve
cve
added 2020/02/20 6:15 p.m.83 views

CVE-2011-4915

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

5.5CVSS5.2AI score0.0008EPSS
cve
cve
added 2013/02/08 8:55 p.m.83 views

CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by trig...

6.8CVSS7.5AI score0.2022EPSS
cve
cve
added 2014/02/28 6:18 a.m.83 views

CVE-2014-1690

The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.

2.6CVSS6.7AI score0.00694EPSS
cve
cve
added 2015/09/14 8:59 p.m.83 views

CVE-2014-9745

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

5CVSS6.2AI score0.02685EPSS
cve
cve
added 2015/01/16 4:59 p.m.83 views

CVE-2015-0220

The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a ...

4.3CVSS5.3AI score0.02316EPSS
cve
cve
added 2015/11/09 3:59 a.m.83 views

CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

7.1CVSS7AI score0.10768EPSS
cve
cve
added 2016/09/20 2:15 p.m.83 views

CVE-2015-8923

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

6.5CVSS6.7AI score0.02215EPSS
cve
cve
added 2016/09/20 2:15 p.m.83 views

CVE-2015-8930

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

7.5CVSS7.5AI score0.04803EPSS
cve
cve
added 2016/03/29 10:59 a.m.83 views

CVE-2016-1647

Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impac...

9.3CVSS8.7AI score0.01238EPSS
cve
cve
added 2016/06/05 11:59 p.m.83 views

CVE-2016-1689

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

6.5CVSS7.6AI score0.01734EPSS
Total number of security vulnerabilities4105