Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2007/09/21 7:17 p.m.56 views

CVE-2007-4497

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users wit...

5.5CVSS6.1AI score0.00318EPSS
CVE
CVE
added 2008/03/06 9:44 p.m.56 views

CVE-2008-1195

Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java A...

9.3CVSS8.4AI score0.16311EPSS
CVE
CVE
added 2010/06/24 12:30 p.m.56 views

CVE-2010-2067

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

6.8CVSS8.1AI score0.028EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.56 views

CVE-2010-3113

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonControll...

10CVSS9.2AI score0.03062EPSS
CVE
CVE
added 2011/03/25 7:55 p.m.56 views

CVE-2011-1400

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute ...

6.8CVSS7.5AI score0.02148EPSS
CVE
CVE
added 2011/11/29 5:55 p.m.56 views

CVE-2011-4405

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack...

7.5CVSS7.5AI score0.01967EPSS
CVE
CVE
added 2013/10/09 2:54 p.m.56 views

CVE-2013-4256

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in...

4.6CVSS7.7AI score0.00144EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.56 views

CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

4.4CVSS6.2AI score0.00115EPSS
CVE
CVE
added 2014/09/28 10:55 a.m.56 views

CVE-2014-6418

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.

7.1CVSS7.7AI score0.05251EPSS
CVE
CVE
added 2014/11/05 11:55 a.m.56 views

CVE-2014-8548

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.

7.5CVSS8.9AI score0.00712EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.56 views

CVE-2015-1216

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...

7.5CVSS6.7AI score0.01073EPSS
CVE
CVE
added 2017/07/25 6:29 p.m.56 views

CVE-2015-1332

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.

8.8CVSS8.7AI score0.01138EPSS
CVE
CVE
added 2017/09/18 1:29 a.m.56 views

CVE-2017-14533

ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.

6.5CVSS7AI score0.00467EPSS
CVE
CVE
added 2017/12/21 3:29 a.m.56 views

CVE-2017-17815

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.

5.5CVSS6.1AI score0.00198EPSS
CVE
CVE
added 2017/06/07 5:29 a.m.56 views

CVE-2017-9473

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

5.5CVSS6.7AI score0.00262EPSS
CVE
CVE
added 2018/06/01 3:29 p.m.56 views

CVE-2018-11655

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.

6.5CVSS6.5AI score0.00106EPSS
CVE
CVE
added 2019/03/29 5:29 a.m.56 views

CVE-2019-10269

BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.

10CVSS9.4AI score0.00833EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.56 views

CVE-2019-2214

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ...

7.8CVSS8AI score0.00059EPSS
CVE
CVE
added 2020/08/06 11:15 p.m.56 views

CVE-2020-15701

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7....

5.5CVSS5.4AI score0.0013EPSS
CVE
CVE
added 2024/06/04 10:15 p.m.56 views

CVE-2022-28655

is_closing_session() allows users to create arbitrary tcp dbus connections

7.1CVSS6.6AI score0.00039EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.55 views

CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

4.7CVSS4.4AI score0.00075EPSS
CVE
CVE
added 2007/09/21 7:17 p.m.55 views

CVE-2007-5023

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privile...

6.9CVSS6.7AI score0.00072EPSS
CVE
CVE
added 2010/07/06 5:17 p.m.55 views

CVE-2010-2648

The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

9.3CVSS8.9AI score0.02851EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.55 views

CVE-2010-3257

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

9.3CVSS9AI score0.12151EPSS
CVE
CVE
added 2012/06/07 9:55 p.m.55 views

CVE-2012-0948

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

2.1CVSS6.3AI score0.00053EPSS
CVE
CVE
added 2014/05/21 2:55 p.m.55 views

CVE-2012-1166

The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.

10CVSS7.6AI score0.04374EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.55 views

CVE-2015-1346

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS9.5AI score0.00313EPSS
CVE
CVE
added 2016/04/20 4:59 p.m.55 views

CVE-2015-7801

Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.

9.3CVSS8.6AI score0.02392EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.55 views

CVE-2016-1581

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

5.5CVSS5.2AI score0.00035EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.55 views

CVE-2016-4353

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

7.5CVSS7.2AI score0.00796EPSS
CVE
CVE
added 2017/10/05 7:29 a.m.55 views

CVE-2017-15032

ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

9.8CVSS9.1AI score0.00316EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.55 views

CVE-2017-17886

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.

6.5CVSS6.3AI score0.00447EPSS
CVE
CVE
added 2018/05/31 4:29 p.m.55 views

CVE-2018-11625

In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.

8.8CVSS8.1AI score0.00193EPSS
CVE
CVE
added 2018/07/01 10:29 p.m.55 views

CVE-2018-13043

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.

9.8CVSS9.4AI score0.01277EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.55 views

CVE-2018-20761

GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.

7.8CVSS7.5AI score0.00293EPSS
CVE
CVE
added 2018/02/27 10:29 p.m.55 views

CVE-2018-7548

In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.

9.8CVSS8.4AI score0.00222EPSS
CVE
CVE
added 2007/03/21 7:19 p.m.54 views

CVE-2007-1562

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

6.8CVSS5.5AI score0.29035EPSS
CVE
CVE
added 2007/09/21 7:17 p.m.54 views

CVE-2007-4496

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authentic...

6.5CVSS7AI score0.00336EPSS
CVE
CVE
added 2008/05/16 12:54 p.m.54 views

CVE-2008-2009

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

4.3CVSS6.5AI score0.0434EPSS
CVE
CVE
added 2010/02/02 4:30 p.m.54 views

CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control ...

9.8CVSS9.3AI score0.00836EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.54 views

CVE-2010-3116

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to impr...

10CVSS9.2AI score0.12275EPSS
CVE
CVE
added 2013/04/03 12:55 a.m.54 views

CVE-2012-6129

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."

7.5CVSS8AI score0.02677EPSS
CVE
CVE
added 2013/02/13 1:55 a.m.54 views

CVE-2013-0241

The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.

2.1CVSS6AI score0.00059EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.54 views

CVE-2013-1061

dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess...

4.6CVSS6.1AI score0.00062EPSS
CVE
CVE
added 2013/12/14 5:21 p.m.54 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS6.6AI score0.00495EPSS
Web
CVE
CVE
added 2014/03/11 7:37 p.m.54 views

CVE-2014-0004

Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.

6.9CVSS7.4AI score0.00057EPSS
Web
CVE
CVE
added 2014/06/01 4:29 a.m.54 views

CVE-2014-3925

sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive info...

5CVSS7.2AI score0.00344EPSS
CVE
CVE
added 2014/07/29 2:55 p.m.54 views

CVE-2014-4909

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

6.8CVSS7.7AI score0.09187EPSS
CVE
CVE
added 2015/06/08 2:59 p.m.54 views

CVE-2015-3905

Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

7.5CVSS7.7AI score0.04715EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.54 views

CVE-2016-4355

Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

7.5CVSS7.3AI score0.00791EPSS
Total number of security vulnerabilities4105