Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2016/02/12 5:59 a.m.83 views

CVE-2016-2330

libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gi...

8.8CVSS8.9AI score0.01007EPSS
CVE
CVE
added 2016/09/07 6:59 p.m.83 views

CVE-2016-6351

The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors inv...

7.2CVSS7.4AI score0.00237EPSS
CVE
CVE
added 2018/06/28 2:29 p.m.83 views

CVE-2018-12931

ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.

7.8CVSS7.8AI score0.00113EPSS
CVE
CVE
added 2023/04/07 2:15 a.m.83 views

CVE-2020-11935

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

5.5CVSS5.1AI score0.00026EPSS
CVE
CVE
added 2020/05/07 12:15 a.m.83 views

CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS8.3AI score0.00595EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.82 views

CVE-2008-5512

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNati...

6.8CVSS9.8AI score0.05142EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.82 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///e...

7.5CVSS6.9AI score0.05627EPSS
CVE
CVE
added 2010/02/22 1:0 p.m.82 views

CVE-2010-0159

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlock...

10CVSS8.8AI score0.02147EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.82 views

CVE-2012-1610

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete f...

7.5CVSS6.7AI score0.07033EPSS
CVE
CVE
added 2013/12/03 7:55 p.m.82 views

CVE-2012-6150

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances...

3.6CVSS7.6AI score0.00149EPSS
CVE
CVE
added 2014/12/05 4:59 p.m.82 views

CVE-2012-6656

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

5CVSS7AI score0.01382EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.82 views

CVE-2013-0778

The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

9.3CVSS7.6AI score0.01558EPSS
CVE
CVE
added 2014/02/28 6:18 a.m.82 views

CVE-2014-1690

The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.

2.6CVSS6.7AI score0.00694EPSS
CVE
CVE
added 2015/09/14 8:59 p.m.82 views

CVE-2014-9745

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

5CVSS6.2AI score0.02685EPSS
CVE
CVE
added 2015/01/16 4:59 p.m.82 views

CVE-2015-0220

The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a ...

4.3CVSS5.3AI score0.02316EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.82 views

CVE-2015-1209

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attacker...

7.5CVSS7.2AI score0.01413EPSS
CVE
CVE
added 2015/10/01 8:59 p.m.82 views

CVE-2015-1338

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

7.2CVSS6.7AI score0.00379EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.82 views

CVE-2015-2696

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

7.1CVSS7AI score0.10768EPSS
CVE
CVE
added 2015/10/21 11:59 p.m.82 views

CVE-2015-4866

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

4CVSS5AI score0.00625EPSS
CVE
CVE
added 2015/08/11 2:59 p.m.82 views

CVE-2015-5523

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

4.3CVSS6.3AI score0.04271EPSS
CVE
CVE
added 2016/09/20 2:15 p.m.82 views

CVE-2015-8923

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

6.5CVSS6.7AI score0.02186EPSS
CVE
CVE
added 2018/03/12 3:29 p.m.82 views

CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

6.5CVSS6.5AI score0.00295EPSS
CVE
CVE
added 2017/08/31 3:29 p.m.82 views

CVE-2017-14060

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.

6.5CVSS6.7AI score0.00476EPSS
CVE
CVE
added 2017/09/18 1:29 a.m.82 views

CVE-2017-14532

ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.

9.8CVSS7.5AI score0.01511EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.82 views

CVE-2017-15015

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.

8.8CVSS7.1AI score0.00293EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.82 views

CVE-2017-7153

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" comp...

6.1CVSS5.5AI score0.00779EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.82 views

CVE-2018-4128

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.82 views

CVE-2019-2923

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to comprom...

5.3CVSS4.3AI score0.01795EPSS
CVE
CVE
added 2020/05/07 12:15 a.m.82 views

CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. T...

8.8CVSS8.3AI score0.02953EPSS
CVE
CVE
added 2020/09/23 2:15 p.m.82 views

CVE-2020-25739

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

6.1CVSS6AI score0.00505EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.81 views

CVE-2004-1018

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer over...

10CVSS7.4AI score0.36629EPSS
CVE
CVE
added 2007/03/24 9:19 p.m.81 views

CVE-2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negativ...

9.3CVSS7.7AI score0.01986EPSS
CVE
CVE
added 2010/08/19 6:0 p.m.81 views

CVE-2010-2806

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based ...

6.8CVSS9.8AI score0.09383EPSS
CVE
CVE
added 2010/08/19 6:0 p.m.81 views

CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS9.5AI score0.05194EPSS
CVE
CVE
added 2010/09/29 5:0 p.m.81 views

CVE-2010-2946

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.

2.1CVSS7.2AI score0.0007EPSS
CVE
CVE
added 2011/07/29 8:55 p.m.81 views

CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user f...

2.6CVSS4.7AI score0.03385EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.81 views

CVE-2012-3968

Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a frag...

10CVSS9.2AI score0.01852EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.81 views

CVE-2012-4182

Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of serv...

9.3CVSS9.4AI score0.04752EPSS
CVE
CVE
added 2013/02/08 8:55 p.m.81 views

CVE-2013-0189

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or ...

5CVSS6.4AI score0.69891EPSS
CVE
CVE
added 2013/03/22 11:59 a.m.81 views

CVE-2013-1860

Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.

6.9CVSS6.6AI score0.00149EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.81 views

CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288...

4.6CVSS8.2AI score0.00033EPSS
CVE
CVE
added 2014/01/07 6:55 p.m.81 views

CVE-2013-4969

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

2.1CVSS6.1AI score0.00045EPSS
CVE
CVE
added 2014/01/18 7:55 p.m.81 views

CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5CVSS6.9AI score0.05566EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.81 views

CVE-2013-6673

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a vali...

5.9CVSS6.9AI score0.00545EPSS
CVE
CVE
added 2014/05/16 3:55 p.m.81 views

CVE-2014-1418

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.

6.4CVSS5.8AI score0.00512EPSS
CVE
CVE
added 2014/11/07 7:55 p.m.81 views

CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

2.1CVSS6AI score0.00059EPSS
CVE
CVE
added 2014/09/28 10:55 a.m.81 views

CVE-2014-6416

Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.

7.8CVSS8.1AI score0.03863EPSS
CVE
CVE
added 2015/01/16 4:59 p.m.81 views

CVE-2015-0222

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.

5CVSS6.9AI score0.04573EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.81 views

CVE-2015-1214

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset act...

7.5CVSS6.9AI score0.00974EPSS
CVE
CVE
added 2016/03/29 10:59 a.m.81 views

CVE-2016-1647

Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impac...

9.3CVSS8.7AI score0.01238EPSS
Total number of security vulnerabilities4105