Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2008/12/17 11:30 p.m.82 views

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which genera...

6CVSS9.6AI score0.00535EPSS
CVE
CVE
added 2010/08/19 6:0 p.m.82 views

CVE-2010-2806

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based ...

6.8CVSS9.8AI score0.09383EPSS
CVE
CVE
added 2010/08/19 6:0 p.m.82 views

CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS9.5AI score0.05194EPSS
CVE
CVE
added 2012/06/05 10:55 p.m.82 views

CVE-2012-1610

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete f...

7.5CVSS6.7AI score0.07033EPSS
CVE
CVE
added 2013/02/08 8:55 p.m.82 views

CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by trig...

6.8CVSS7.5AI score0.2022EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.82 views

CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288...

4.6CVSS8.2AI score0.00033EPSS
CVE
CVE
added 2015/01/16 4:59 p.m.82 views

CVE-2015-0222

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.

5CVSS6.9AI score0.04573EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.82 views

CVE-2015-1209

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attacker...

7.5CVSS7.2AI score0.01413EPSS
CVE
CVE
added 2015/10/01 8:59 p.m.82 views

CVE-2015-1338

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

7.2CVSS6.7AI score0.00379EPSS
Web
CVE
CVE
added 2015/08/11 2:59 p.m.82 views

CVE-2015-5523

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

4.3CVSS6.3AI score0.04271EPSS
CVE
CVE
added 2016/03/29 10:59 a.m.82 views

CVE-2016-1647

Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impac...

9.3CVSS8.7AI score0.01238EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.82 views

CVE-2016-1689

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

6.5CVSS7.6AI score0.01734EPSS
CVE
CVE
added 2017/01/06 9:59 p.m.82 views

CVE-2016-2368

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.

8.1CVSS8.4AI score0.0591EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.82 views

CVE-2016-4951

The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.

7.8CVSS7.5AI score0.00138EPSS
CVE
CVE
added 2018/03/12 3:29 p.m.82 views

CVE-2016-9600

JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

6.5CVSS6.5AI score0.00295EPSS
CVE
CVE
added 2017/08/31 3:29 p.m.82 views

CVE-2017-14060

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.

6.5CVSS6.7AI score0.00476EPSS
CVE
CVE
added 2017/09/18 1:29 a.m.82 views

CVE-2017-14532

ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.

9.8CVSS7.5AI score0.01511EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.82 views

CVE-2017-15015

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.

8.8CVSS7.1AI score0.00293EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.82 views

CVE-2017-15017

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.

8.8CVSS7AI score0.00335EPSS
CVE
CVE
added 2017/10/12 8:29 a.m.82 views

CVE-2017-15281

ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."

8.8CVSS7.5AI score0.00591EPSS
CVE
CVE
added 2017/06/28 6:29 a.m.82 views

CVE-2017-9985

The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of th...

7.8CVSS7.5AI score0.00114EPSS
CVE
CVE
added 2018/04/29 3:29 a.m.82 views

CVE-2018-10528

An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.

8.8CVSS8.7AI score0.0213EPSS
CVE
CVE
added 2018/05/24 6:29 p.m.82 views

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

5.9CVSS5.8AI score0.11514EPSS
CVE
CVE
added 2018/06/19 9:29 p.m.82 views

CVE-2018-12293

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which coul...

8.8CVSS8.5AI score0.40114EPSS
CVE
CVE
added 2018/09/19 4:29 p.m.82 views

CVE-2018-17205

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not e...

7.5CVSS5.2AI score0.00771EPSS
CVE
CVE
added 2020/09/23 2:15 p.m.82 views

CVE-2020-25739

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

6.1CVSS6AI score0.00505EPSS
CVE
CVE
added 2007/06/26 10:30 p.m.81 views

CVE-2007-2442

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

10CVSS9.5AI score0.39316EPSS
CVE
CVE
added 2010/08/19 6:0 p.m.81 views

CVE-2010-2808

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

6.8CVSS9.8AI score0.07802EPSS
CVE
CVE
added 2010/09/29 5:0 p.m.81 views

CVE-2010-2946

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.

2.1CVSS7.2AI score0.00036EPSS
CVE
CVE
added 2011/07/29 8:55 p.m.81 views

CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user f...

2.6CVSS4.7AI score0.02501EPSS
CVE
CVE
added 2012/05/17 11:0 a.m.81 views

CVE-2012-0044

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.

7.8CVSS7.2AI score0.00091EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.81 views

CVE-2012-3956

Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial...

10CVSS9.4AI score0.02314EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.81 views

CVE-2012-5835

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) v...

10CVSS9.1AI score0.02068EPSS
CVE
CVE
added 2013/02/08 8:55 p.m.81 views

CVE-2013-0189

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or ...

5CVSS6.4AI score0.69891EPSS
CVE
CVE
added 2013/08/19 11:55 p.m.81 views

CVE-2013-1872

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants...

6.8CVSS7.5AI score0.03297EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.81 views

CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --proce...

7.2CVSS6.4AI score0.00033EPSS
CVE
CVE
added 2013/10/28 10:55 p.m.81 views

CVE-2013-4402

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

5CVSS7.2AI score0.04675EPSS
CVE
CVE
added 2014/01/07 6:55 p.m.81 views

CVE-2013-4969

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

2.1CVSS6.1AI score0.00045EPSS
CVE
CVE
added 2014/05/16 3:55 p.m.81 views

CVE-2014-1418

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.

6.4CVSS5.8AI score0.00512EPSS
CVE
CVE
added 2014/09/28 10:55 a.m.81 views

CVE-2014-3186

Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbit...

6.9CVSS6.9AI score0.00121EPSS
CVE
CVE
added 2014/09/28 10:55 a.m.81 views

CVE-2014-6416

Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.

7.8CVSS8.1AI score0.03863EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.81 views

CVE-2015-1214

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset act...

7.5CVSS6.9AI score0.00974EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.81 views

CVE-2015-1241

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.

4.3CVSS6AI score0.01566EPSS
CVE
CVE
added 2015/03/15 7:59 p.m.81 views

CVE-2015-2304

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

6.4CVSS7.4AI score0.02978EPSS
CVE
CVE
added 2016/01/21 3:0 a.m.81 views

CVE-2016-0504

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.

6.8CVSS5.5AI score0.0183EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.81 views

CVE-2016-1688

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

6.5CVSS6.6AI score0.04867EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.81 views

CVE-2016-1699

WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to b...

6.5CVSS6.7AI score0.00575EPSS
Web
CVE
CVE
added 2016/05/23 10:59 a.m.81 views

CVE-2016-4558

The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference...

7CVSS7AI score0.00272EPSS
CVE
CVE
added 2016/06/14 2:59 p.m.81 views

CVE-2016-5337

The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

5.5CVSS5.5AI score0.00062EPSS
CVE
CVE
added 2017/08/28 7:29 p.m.81 views

CVE-2017-12877

Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.

6.5CVSS7AI score0.0119EPSS
Total number of security vulnerabilities4105