Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2020/09/11 7:15 p.m.62 views

CVE-2013-7490

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.

5.3CVSS5.2AI score0.00392EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.62 views

CVE-2014-1478

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in ...

10CVSS9.8AI score0.01231EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.62 views

CVE-2014-9842

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.5CVSS7.1AI score0.02361EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.62 views

CVE-2014-9850

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

7.5CVSS7.1AI score0.01602EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.62 views

CVE-2015-1219

Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a lar...

7.5CVSS6.8AI score0.00897EPSS
CVE
CVE
added 2017/08/25 6:29 p.m.62 views

CVE-2015-1325

Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files a...

7CVSS6.9AI score0.00858EPSS
CVE
CVE
added 2015/07/26 10:59 p.m.62 views

CVE-2015-1872

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craf...

6.8CVSS7AI score0.00725EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.62 views

CVE-2015-2222

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

5CVSS6.2AI score0.01553EPSS
CVE
CVE
added 2017/09/12 5:29 p.m.62 views

CVE-2017-14343

ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.

6.5CVSS6.2AI score0.00406EPSS
CVE
CVE
added 2018/01/12 8:29 p.m.62 views

CVE-2017-18027

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.6AI score0.00615EPSS
CVE
CVE
added 2018/06/29 2:29 p.m.62 views

CVE-2018-13005

An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

9.8CVSS9.3AI score0.00593EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.62 views

CVE-2018-20763

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

7.8CVSS7.6AI score0.00253EPSS
CVE
CVE
added 2018/02/01 5:29 a.m.62 views

CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.00416EPSS
Web
CVE
CVE
added 2018/02/09 6:29 a.m.62 views

CVE-2018-6869

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.01067EPSS
CVE
CVE
added 2019/09/11 7:15 p.m.62 views

CVE-2019-16236

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.

7.5CVSS7.3AI score0.00778EPSS
CVE
CVE
added 2005/05/13 4:0 a.m.61 views

CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

4.6CVSS6.8AI score0.0015EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.61 views

CVE-2006-6500

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an i...

6.8CVSS7.7AI score0.37533EPSS
CVE
CVE
added 2008/07/18 4:41 p.m.61 views

CVE-2008-2934

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

8.8CVSS9AI score0.05575EPSS
CVE
CVE
added 2008/08/08 7:41 p.m.61 views

CVE-2008-3535

Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the L...

4.9CVSS4.9AI score0.00047EPSS
CVE
CVE
added 2013/02/24 7:55 p.m.61 views

CVE-2012-5624

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

4.3CVSS5.8AI score0.0147EPSS
CVE
CVE
added 2013/03/26 9:55 p.m.61 views

CVE-2013-0454

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigg...

4CVSS6.2AI score0.01878EPSS
CVE
CVE
added 2013/03/21 5:55 p.m.61 views

CVE-2013-1051

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

4.3CVSS6.4AI score0.00125EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.61 views

CVE-2014-9665

The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG fi...

7.5CVSS8.3AI score0.02167EPSS
CVE
CVE
added 2015/03/24 5:59 p.m.61 views

CVE-2015-2265

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

7.5CVSS7.4AI score0.05767EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.61 views

CVE-2015-3748

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.00998EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.61 views

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive informatio...

5CVSS6.9AI score0.01115EPSS
CVE
CVE
added 2015/09/08 3:59 p.m.61 views

CVE-2015-5199

Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.

7.2CVSS6.2AI score0.00022EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.61 views

CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an...

7.8CVSS7.6AI score0.00109EPSS
CVE
CVE
added 2017/09/12 5:29 p.m.61 views

CVE-2017-14342

ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.

6.5CVSS6.8AI score0.00266EPSS
CVE
CVE
added 2017/12/21 3:29 a.m.61 views

CVE-2017-17812

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.

5.5CVSS6.1AI score0.00198EPSS
CVE
CVE
added 2017/12/21 3:29 a.m.61 views

CVE-2017-17817

In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

5.5CVSS6.1AI score0.00176EPSS
CVE
CVE
added 2017/12/21 3:29 a.m.61 views

CVE-2017-17818

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

7.5CVSS7.3AI score0.00683EPSS
CVE
CVE
added 2018/01/01 8:29 a.m.61 views

CVE-2017-18008

In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.

6.5CVSS7.1AI score0.00469EPSS
CVE
CVE
added 2018/01/12 8:29 p.m.61 views

CVE-2017-18029

In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.6AI score0.00897EPSS
CVE
CVE
added 2018/06/29 2:29 p.m.61 views

CVE-2018-13006

An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

9.8CVSS9.3AI score0.00697EPSS
CVE
CVE
added 2018/12/17 7:29 p.m.61 views

CVE-2018-20185

In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.

5.3CVSS5.2AI score0.00896EPSS
CVE
CVE
added 2019/02/12 5:29 p.m.61 views

CVE-2018-20781

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

7.8CVSS7.5AI score0.06244EPSS
CVE
CVE
added 2018/03/07 11:29 p.m.61 views

CVE-2018-7752

GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

7.8CVSS7.5AI score0.00213EPSS
CVE
CVE
added 2005/09/30 10:5 a.m.60 views

CVE-2005-3106

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.

4.7CVSS4.8AI score0.00078EPSS
CVE
CVE
added 2006/10/05 4:4 a.m.60 views

CVE-2006-5158

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

7.5CVSS7.1AI score0.03256EPSS
CVE
CVE
added 2010/09/24 7:0 p.m.60 views

CVE-2010-1773

Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly e...

8.8CVSS9AI score0.01781EPSS
CVE
CVE
added 2014/03/01 12:55 a.m.60 views

CVE-2011-3634

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

2.6CVSS6.2AI score0.00163EPSS
CVE
CVE
added 2013/08/14 3:55 p.m.60 views

CVE-2013-2126

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.

7.5CVSS8.1AI score0.03225EPSS
CVE
CVE
added 2013/11/23 11:55 a.m.60 views

CVE-2013-4474

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

5CVSS7.1AI score0.29757EPSS
CVE
CVE
added 2014/04/28 2:9 p.m.60 views

CVE-2014-0187

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

9CVSS6.1AI score0.00523EPSS
CVE
CVE
added 2014/04/30 2:22 p.m.60 views

CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."

5CVSS6.5AI score0.00291EPSS
CVE
CVE
added 2014/08/25 2:55 p.m.60 views

CVE-2014-5356

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) b...

4CVSS6.1AI score0.00759EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.60 views

CVE-2014-7943

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS8.7AI score0.01712EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.60 views

CVE-2014-9844

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

5.5CVSS5.7AI score0.00308EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.60 views

CVE-2015-1220

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in...

6.8CVSS6.8AI score0.03072EPSS
Total number of security vulnerabilities4105