Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2008/09/04 5:41 p.m.64 views

CVE-2007-6716

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.

5.5CVSS5.1AI score0.00042EPSS
CVE
CVE
added 2008/06/24 7:41 p.m.64 views

CVE-2008-2663

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-20...

10CVSS7.2AI score0.04012EPSS
CVE
CVE
added 2010/02/18 6:0 p.m.64 views

CVE-2010-0650

WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

2.6CVSS8.2AI score0.01571EPSS
CVE
CVE
added 2010/09/09 10:0 p.m.64 views

CVE-2010-1815

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

6.8CVSS9AI score0.05507EPSS
CVE
CVE
added 2010/09/30 3:0 p.m.64 views

CVE-2010-2538

Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.

5.5CVSS5.8AI score0.00076EPSS
CVE
CVE
added 2013/02/13 4:55 p.m.64 views

CVE-2013-0208

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.

6.5CVSS6AI score0.01145EPSS
CVE
CVE
added 2014/05/15 2:55 p.m.64 views

CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buf...

4.6CVSS6.4AI score0.00111EPSS
CVE
CVE
added 2014/08/19 6:55 p.m.64 views

CVE-2014-3504

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attacker...

4CVSS8AI score0.0307EPSS
CVE
CVE
added 2014/08/25 2:55 p.m.64 views

CVE-2014-5251

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

4.9CVSS6.1AI score0.0031EPSS
CVE
CVE
added 2014/11/15 9:59 p.m.64 views

CVE-2014-5388

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

4.6CVSS5AI score0.00095EPSS
CVE
CVE
added 2014/12/03 6:59 p.m.64 views

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.8CVSS5.9AI score0.01465EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.64 views

CVE-2014-9656

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

7.5CVSS7.8AI score0.01793EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.64 views

CVE-2014-9662

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

7.5CVSS7.9AI score0.02738EPSS
CVE
CVE
added 2016/04/14 3:59 p.m.64 views

CVE-2015-5247

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

6.5CVSS7.1AI score0.0039EPSS
CVE
CVE
added 2017/01/06 9:59 p.m.64 views

CVE-2016-2370

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.

5.9CVSS6.2AI score0.01915EPSS
CVE
CVE
added 2017/01/06 9:59 p.m.64 views

CVE-2016-2374

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.

8.1CVSS8.2AI score0.02727EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.64 views

CVE-2016-4356

The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.

7.5CVSS7.1AI score0.0109EPSS
CVE
CVE
added 2017/07/08 5:29 p.m.64 views

CVE-2017-11111

In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

7.8CVSS6.9AI score0.00237EPSS
CVE
CVE
added 2017/09/09 8:29 a.m.64 views

CVE-2017-14228

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.

5.5CVSS5.4AI score0.00198EPSS
CVE
CVE
added 2017/09/12 8:29 a.m.64 views

CVE-2017-14325

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.

7.1CVSS6.5AI score0.00421EPSS
CVE
CVE
added 2017/09/21 5:29 a.m.64 views

CVE-2017-14626

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.

9.8CVSS7.5AI score0.01117EPSS
CVE
CVE
added 2017/10/10 8:29 p.m.64 views

CVE-2017-15218

ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.

6.5CVSS7AI score0.00467EPSS
CVE
CVE
added 2017/12/21 3:29 a.m.64 views

CVE-2017-17813

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.

5.5CVSS6AI score0.00175EPSS
CVE
CVE
added 2018/01/05 7:29 p.m.64 views

CVE-2017-18022

In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

6.5CVSS7.1AI score0.00127EPSS
CVE
CVE
added 2020/03/05 4:15 p.m.64 views

CVE-2020-10174

init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this locatio...

7CVSS6.5AI score0.00124EPSS
CVE
CVE
added 2023/09/01 9:15 p.m.64 views

CVE-2023-3297

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

8.1CVSS7.2AI score0.00061EPSS
CVE
CVE
added 2007/02/26 8:28 p.m.63 views

CVE-2007-0778

The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when ...

5.4CVSS5.7AI score0.01036EPSS
CVE
CVE
added 2013/05/13 11:55 p.m.63 views

CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

5CVSS8.8AI score0.10664EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.63 views

CVE-2013-6475

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

6.8CVSS7.5AI score0.05196EPSS
CVE
CVE
added 2014/05/08 2:29 p.m.63 views

CVE-2014-0056

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

2.1CVSS6.2AI score0.00216EPSS
CVE
CVE
added 2014/08/25 2:55 p.m.63 views

CVE-2014-5252

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

4.9CVSS6.2AI score0.00287EPSS
CVE
CVE
added 2014/11/05 11:55 a.m.63 views

CVE-2014-8542

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

7.5CVSS9.2AI score0.0152EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.63 views

CVE-2014-9668

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact vi...

7.5CVSS8AI score0.01507EPSS
CVE
CVE
added 2015/04/13 2:59 p.m.63 views

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

4.3CVSS6.4AI score0.00741EPSS
CVE
CVE
added 2015/05/29 3:59 p.m.63 views

CVE-2015-0847

nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.

7.8CVSS6.4AI score0.02554EPSS
CVE
CVE
added 2015/04/29 8:59 p.m.63 views

CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.

6.8CVSS8.1AI score0.01393EPSS
CVE
CVE
added 2015/05/19 6:59 p.m.63 views

CVE-2015-3408

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

10CVSS7.6AI score0.03926EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.63 views

CVE-2015-3743

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.00998EPSS
CVE
CVE
added 2015/09/06 2:59 a.m.63 views

CVE-2015-6820

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unsp...

7.5CVSS8.8AI score0.00887EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.63 views

CVE-2018-20762

GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

7.8CVSS7.7AI score0.0032EPSS
CVE
CVE
added 2018/01/29 5:29 p.m.63 views

CVE-2018-6381

In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of fi...

6.5CVSS5.7AI score0.00317EPSS
CVE
CVE
added 2019/07/04 3:15 p.m.63 views

CVE-2019-13241

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

7.8CVSS7.4AI score0.01248EPSS
CVE
CVE
added 2006/05/09 8:2 p.m.62 views

CVE-2006-2275

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."

7.5CVSS7.2AI score0.03168EPSS
CVE
CVE
added 2007/07/04 3:30 p.m.62 views

CVE-2007-2949

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

6.8CVSS7.4AI score0.33942EPSS
CVE
CVE
added 2009/12/11 4:30 p.m.62 views

CVE-2009-4135

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

4.4CVSS6AI score0.00032EPSS
Web
CVE
CVE
added 2013/02/19 11:55 p.m.62 views

CVE-2013-0777

Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS7.6AI score0.01397EPSS
CVE
CVE
added 2013/03/22 9:55 p.m.62 views

CVE-2013-1838

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp functi...

4CVSS6.2AI score0.01427EPSS
CVE
CVE
added 2013/03/22 9:55 p.m.62 views

CVE-2013-1865

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

6.8CVSS6.5AI score0.01162EPSS
CVE
CVE
added 2013/10/27 12:55 a.m.62 views

CVE-2013-4428

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an imag...

3.5CVSS6.1AI score0.0024EPSS
CVE
CVE
added 2014/05/08 2:29 p.m.62 views

CVE-2013-4544

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.

4.9CVSS7.1AI score0.00133EPSS
Total number of security vulnerabilities4105