Lucene search

K
CanonicalUbuntu Linux

4105 matches found

cve
cve
added 2016/06/05 11:59 p.m.81 views

CVE-2016-1680

Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.

8.8CVSS8.7AI score0.01532EPSS
cve
cve
added 2017/01/06 9:59 p.m.81 views

CVE-2016-2368

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.

8.1CVSS8.4AI score0.01712EPSS
Web
cve
cve
added 2016/06/13 10:59 a.m.81 views

CVE-2016-2825

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

6.5CVSS7.1AI score0.00682EPSS
cve
cve
added 2016/06/14 2:59 p.m.81 views

CVE-2016-5337

The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

5.5CVSS5.5AI score0.00062EPSS
cve
cve
added 2017/09/18 1:29 a.m.81 views

CVE-2017-14531

ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.

7.1CVSS7AI score0.00707EPSS
cve
cve
added 2017/10/05 1:29 a.m.81 views

CVE-2017-15017

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.

8.8CVSS7AI score0.00335EPSS
cve
cve
added 2017/06/28 6:29 a.m.81 views

CVE-2017-9985

The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of th...

7.8CVSS7.5AI score0.00114EPSS
cve
cve
added 2018/06/19 9:29 p.m.81 views

CVE-2018-12293

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which coul...

8.8CVSS8.5AI score0.40114EPSS
Web
cve
cve
added 2018/07/19 1:29 p.m.81 views

CVE-2018-12911

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.

9.8CVSS9.2AI score0.00518EPSS
cve
cve
added 2018/04/03 6:29 a.m.81 views

CVE-2018-4088

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affect...

8.8CVSS7.6AI score0.00673EPSS
cve
cve
added 2007/03/06 8:19 p.m.80 views

CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

7.5CVSS7.3AI score0.09983EPSS
cve
cve
added 2007/06/26 10:30 p.m.80 views

CVE-2007-2442

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

10CVSS9.5AI score0.39316EPSS
cve
cve
added 2008/07/09 12:41 a.m.80 views

CVE-2008-2812

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/ir...

7.8CVSS7.5AI score0.00054EPSS
cve
cve
added 2008/09/24 8:37 p.m.80 views

CVE-2008-4061

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd ele...

10CVSS10AI score0.01429EPSS
cve
cve
added 2008/12/17 11:30 p.m.80 views

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which genera...

6CVSS9.6AI score0.00535EPSS
cve
cve
added 2010/08/19 6:0 p.m.80 views

CVE-2010-2808

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

6.8CVSS9.8AI score0.07802EPSS
cve
cve
added 2012/05/17 11:0 a.m.80 views

CVE-2012-0044

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.

7.8CVSS7.2AI score0.00091EPSS
cve
cve
added 2012/08/29 10:56 a.m.80 views

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

4.3CVSS8.6AI score0.00776EPSS
cve
cve
added 2013/02/08 8:55 p.m.80 views

CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by trig...

6.8CVSS7.5AI score0.2022EPSS
cve
cve
added 2014/09/28 10:55 a.m.80 views

CVE-2014-3186

Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbit...

6.9CVSS6.9AI score0.00121EPSS
cve
cve
added 2014/12/16 6:59 p.m.80 views

CVE-2014-9323

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

5CVSS8.1AI score0.01731EPSS
cve
cve
added 2015/04/01 10:59 a.m.80 views

CVE-2015-0804

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a c...

7.5CVSS9.3AI score0.01906EPSS
cve
cve
added 2015/03/15 7:59 p.m.80 views

CVE-2015-2304

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

6.4CVSS7.4AI score0.02978EPSS
cve
cve
added 2016/01/21 3:0 a.m.80 views

CVE-2016-0504

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.

6.8CVSS5.5AI score0.0183EPSS
cve
cve
added 2016/06/05 11:59 p.m.80 views

CVE-2016-1689

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

6.5CVSS7.6AI score0.01734EPSS
cve
cve
added 2016/06/05 11:59 p.m.80 views

CVE-2016-1699

WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to b...

6.5CVSS6.7AI score0.00575EPSS
Web
cve
cve
added 2017/01/06 9:59 p.m.80 views

CVE-2016-2365

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...

5.9CVSS6.2AI score0.01961EPSS
Web
cve
cve
added 2017/03/23 4:59 p.m.80 views

CVE-2016-9774

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14....

7.8CVSS8AI score0.0007EPSS
cve
cve
added 2017/07/27 6:29 a.m.80 views

CVE-2017-11683

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

6.5CVSS6.5AI score0.00408EPSS
cve
cve
added 2017/10/12 8:29 a.m.80 views

CVE-2017-15281

ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."

8.8CVSS7.5AI score0.00591EPSS
cve
cve
added 2018/04/29 3:29 a.m.80 views

CVE-2018-10528

An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.

8.8CVSS8.7AI score0.0213EPSS
cve
cve
added 2018/05/24 6:29 p.m.80 views

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

5.9CVSS5.8AI score0.11514EPSS
cve
cve
added 2018/12/12 1:29 p.m.80 views

CVE-2018-16867

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may ...

7.8CVSS7.8AI score0.0009EPSS
cve
cve
added 2018/09/19 4:29 p.m.80 views

CVE-2018-17205

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not e...

7.5CVSS5.2AI score0.00771EPSS
cve
cve
added 2018/01/05 7:29 p.m.80 views

CVE-2018-5248

In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

8.8CVSS7.1AI score0.01676EPSS
cve
cve
added 2018/02/19 1:29 p.m.80 views

CVE-2018-5380

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

4.3CVSS6.5AI score0.01402EPSS
cve
cve
added 2020/05/26 1:15 p.m.80 views

CVE-2020-3812

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without...

5.5CVSS6.7AI score0.00054EPSS
cve
cve
added 2005/08/15 4:0 a.m.79 views

CVE-2005-1527

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

5CVSS7.4AI score0.0133EPSS
cve
cve
added 2006/12/20 1:28 a.m.79 views

CVE-2006-6504

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

9.3CVSS7.2AI score0.41553EPSS
cve
cve
added 2007/02/26 7:28 p.m.79 views

CVE-2007-0777

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

9.3CVSS7.3AI score0.41894EPSS
cve
cve
added 2007/06/26 6:30 p.m.79 views

CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

7.5CVSS7.2AI score0.12389EPSS
cve
cve
added 2008/11/13 11:30 a.m.79 views

CVE-2008-5024

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X documen...

7.5CVSS9.8AI score0.07219EPSS
cve
cve
added 2010/03/03 7:30 p.m.79 views

CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of ser...

4.3CVSS8.8AI score0.08131EPSS
cve
cve
added 2010/09/30 3:0 p.m.79 views

CVE-2010-3297

The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

2.1CVSS5.5AI score0.00071EPSS
cve
cve
added 2010/09/30 3:0 p.m.79 views

CVE-2010-3298

The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

2.1CVSS6.8AI score0.00071EPSS
cve
cve
added 2011/08/15 9:55 p.m.79 views

CVE-2011-2748

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.

7.8CVSS6.2AI score0.87787EPSS
cve
cve
added 2012/08/29 10:56 a.m.79 views

CVE-2012-3956

Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial...

10CVSS9.4AI score0.02314EPSS
cve
cve
added 2012/11/21 12:55 p.m.79 views

CVE-2012-5835

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) v...

10CVSS9.1AI score0.02068EPSS
cve
cve
added 2013/10/03 9:55 p.m.79 views

CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --proce...

7.2CVSS6.4AI score0.00033EPSS
cve
cve
added 2013/10/28 10:55 p.m.79 views

CVE-2013-4402

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

5CVSS7.2AI score0.04675EPSS
Total number of security vulnerabilities4105