Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2006/10/10 4:6 a.m.77 views

CVE-2006-4997

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).

7.5CVSS7AI score0.35021EPSS
CVE
CVE
added 2007/02/13 11:28 p.m.77 views

CVE-2007-0908

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befor...

5CVSS7.3AI score0.10827EPSS
CVE
CVE
added 2007/09/24 10:17 p.m.77 views

CVE-2007-4988

Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

7.8CVSS7.8AI score0.0199EPSS
CVE
CVE
added 2008/10/15 8:8 p.m.77 views

CVE-2008-4577

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

7.5CVSS7.3AI score0.01099EPSS
CVE
CVE
added 2009/04/06 2:30 p.m.77 views

CVE-2009-1242

The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Regist...

4.9CVSS4.2AI score0.00068EPSS
CVE
CVE
added 2009/07/31 7:0 p.m.77 views

CVE-2009-1721

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

6.8CVSS7.5AI score0.25346EPSS
CVE
CVE
added 2009/09/17 10:30 a.m.77 views

CVE-2009-3232

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

9.3CVSS6.8AI score0.00539EPSS
CVE
CVE
added 2010/09/29 5:0 p.m.77 views

CVE-2010-2478

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that...

7.2CVSS7.6AI score0.00091EPSS
CVE
CVE
added 2012/05/17 11:0 a.m.77 views

CVE-2012-0879

The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

5.5CVSS5AI score0.00016EPSS
CVE
CVE
added 2013/01/22 11:55 p.m.77 views

CVE-2012-2137

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setu...

6.9CVSS7.5AI score0.00049EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.77 views

CVE-2012-4205

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive info...

6.8CVSS8.5AI score0.00875EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.77 views

CVE-2012-5096

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.

3.5CVSS4.5AI score0.00845EPSS
CVE
CVE
added 2012/12/12 11:38 a.m.77 views

CVE-2012-5144

Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrit...

10CVSS7.1AI score0.03505EPSS
CVE
CVE
added 2013/03/08 10:55 p.m.77 views

CVE-2013-0249

Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long ...

7.5CVSS8AI score0.38792EPSS
Web
CVE
CVE
added 2013/01/17 1:55 a.m.77 views

CVE-2013-0367

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

4CVSS4.3AI score0.00713EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.77 views

CVE-2013-0779

The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

9.3CVSS7.6AI score0.02362EPSS
CVE
CVE
added 2013/05/13 11:55 p.m.77 views

CVE-2013-1940

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

2.1CVSS6AI score0.00111EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.77 views

CVE-2013-4296

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC ca...

4CVSS7.6AI score0.03294EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.77 views

CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.00881EPSS
CVE
CVE
added 2014/11/14 3:59 p.m.77 views

CVE-2014-3689

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

7.2CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2014/11/26 3:59 p.m.77 views

CVE-2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

6.4CVSS8.1AI score0.47313EPSS
CVE
CVE
added 2014/12/19 3:59 p.m.77 views

CVE-2014-8136

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

2.1CVSS7.1AI score0.00131EPSS
CVE
CVE
added 2015/01/07 7:59 p.m.77 views

CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

5CVSS8.7AI score0.07905EPSS
CVE
CVE
added 2015/04/17 5:59 p.m.77 views

CVE-2015-1856

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

5.5CVSS6AI score0.0087EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.77 views

CVE-2015-2611

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.5AI score0.0077EPSS
CVE
CVE
added 2015/09/02 2:59 p.m.77 views

CVE-2015-3308

Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

7.5CVSS7.3AI score0.01394EPSS
CVE
CVE
added 2015/04/24 2:59 p.m.77 views

CVE-2015-3310

Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.

4.3CVSS9AI score0.01715EPSS
CVE
CVE
added 2015/06/10 6:59 p.m.77 views

CVE-2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain ...

2.6CVSS7.5AI score0.01012EPSS
CVE
CVE
added 2018/02/27 10:29 p.m.77 views

CVE-2016-10714

In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.

9.8CVSS7AI score0.00226EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.77 views

CVE-2016-1675

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

8.8CVSS8.2AI score0.01024EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.77 views

CVE-2016-1679

The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via...

8.8CVSS8.8AI score0.01532EPSS
CVE
CVE
added 2017/01/06 9:59 p.m.77 views

CVE-2016-2372

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an ou...

5.9CVSS6.1AI score0.0154EPSS
CVE
CVE
added 2016/05/23 10:59 a.m.77 views

CVE-2016-4558

The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference...

7CVSS7AI score0.00272EPSS
CVE
CVE
added 2017/09/01 9:29 p.m.77 views

CVE-2017-12691

The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

7.1CVSS6AI score0.00818EPSS
CVE
CVE
added 2017/09/21 5:29 a.m.77 views

CVE-2017-14625

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.

9.8CVSS7.5AI score0.01511EPSS
CVE
CVE
added 2018/03/15 7:29 p.m.77 views

CVE-2017-18233

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.

5.5CVSS6AI score0.00299EPSS
CVE
CVE
added 2019/05/20 5:29 p.m.77 views

CVE-2019-12216

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

6.5CVSS7.4AI score0.01087EPSS
CVE
CVE
added 2006/07/05 6:5 p.m.76 views

CVE-2006-2935

The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.

4.6CVSS7.4AI score0.00215EPSS
CVE
CVE
added 2007/02/26 8:28 p.m.76 views

CVE-2007-0780

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in comb...

6.8CVSS5.3AI score0.01684EPSS
CVE
CVE
added 2007/04/22 7:19 p.m.76 views

CVE-2007-2172

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

4.7CVSS5.4AI score0.00068EPSS
CVE
CVE
added 2007/06/26 10:30 p.m.76 views

CVE-2007-2798

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

9CVSS9.4AI score0.1489EPSS
CVE
CVE
added 2008/05/02 4:5 p.m.76 views

CVE-2008-1375

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

6.9CVSS6AI score0.00048EPSS
CVE
CVE
added 2008/08/12 11:41 p.m.76 views

CVE-2008-3275

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area...

5.5CVSS5.2AI score0.00077EPSS
Web
CVE
CVE
added 2010/04/07 3:30 p.m.76 views

CVE-2010-0629

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

6.5CVSS5.9AI score0.02284EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.76 views

CVE-2010-2960

The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact ...

7.8CVSS7.5AI score0.001EPSS
CVE
CVE
added 2011/08/15 9:55 p.m.76 views

CVE-2011-2749

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.

7.8CVSS6.2AI score0.87787EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.76 views

CVE-2012-4187

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor...

9.3CVSS9.6AI score0.24843EPSS
CVE
CVE
added 2012/10/12 10:44 a.m.76 views

CVE-2012-4191

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ...

9.3CVSS9.7AI score0.01678EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.76 views

CVE-2012-4208

The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web...

4.3CVSS8.1AI score0.0035EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.76 views

CVE-2012-4209

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross...

4.3CVSS7.8AI score0.02065EPSS
Total number of security vulnerabilities4105