Lucene search

K
CanonicalUbuntu Linux10.04

509 matches found

CVE
CVE
added 2013/11/19 4:50 a.m.13016 views

CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG mark...

5CVSS6.1AI score0.0021EPSS
CVE
CVE
added 2014/04/16 12:55 a.m.12567 views

CVE-2014-0429

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10CVSS6.5AI score0.07383EPSS
CVE
CVE
added 2014/04/16 12:55 a.m.12316 views

CVE-2014-0446

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

7.5CVSS6.5AI score0.04367EPSS
CVE
CVE
added 2011/08/29 3:55 p.m.4281 views

CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different ...

7.8CVSS6.3AI score0.9334EPSS
CVE
CVE
added 2014/09/24 6:48 p.m.2726 views

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

10CVSS9.9AI score0.9422EPSS
CVE
CVE
added 2014/12/29 11:59 p.m.2013 views

CVE-2014-8109

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restricti...

4.3CVSS6.7AI score0.17172EPSS
CVE
CVE
added 2014/03/18 5:18 a.m.1883 views

CVE-2014-0098

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

5CVSS8AI score0.49465EPSS
CVE
CVE
added 2011/02/22 7:0 p.m.1811 views

CVE-2011-1002

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

5CVSS7.8AI score0.75281EPSS
CVE
CVE
added 2014/03/18 5:18 a.m.1701 views

CVE-2013-6438

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

5CVSS8AI score0.36218EPSS
CVE
CVE
added 2014/09/25 1:55 a.m.1235 views

CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the F...

10CVSS8.4AI score0.9422EPSS
CVE
CVE
added 2013/07/10 8:55 p.m.1201 views

CVE-2013-1896

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain hr...

4.3CVSS6.2AI score0.33441EPSS
CVE
CVE
added 2011/10/19 9:55 p.m.1187 views

CVE-2011-3544

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Script...

10CVSS8.5AI score0.93041EPSS
CVE
CVE
added 2009/11/09 5:30 p.m.1166 views

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple ...

5.8CVSS6AI score0.04134EPSS
CVE
CVE
added 2013/06/10 5:55 p.m.1098 views

CVE-2013-1862

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

5.1CVSS6.9AI score0.38401EPSS
CVE
CVE
added 2010/12/14 4:0 p.m.1017 views

CVE-2010-4345

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

7.8CVSS8.8AI score0.11704EPSS
CVE
CVE
added 2014/04/15 10:55 a.m.828 views

CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

5CVSS5.7AI score0.8475EPSS
CVE
CVE
added 2014/12/15 6:59 p.m.673 views

CVE-2014-3583

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

5CVSS8AI score0.19785EPSS
CVE
CVE
added 2015/03/08 2:59 a.m.659 views

CVE-2015-0228

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

5CVSS8.8AI score0.14678EPSS
CVE
CVE
added 2011/09/06 7:55 p.m.608 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP...

4.3CVSS6.5AI score0.05563EPSS
CVE
CVE
added 2010/12/06 8:13 p.m.563 views

CVE-2010-3904

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg sy...

7.8CVSS6.4AI score0.02116EPSS
CVE
CVE
added 2014/05/07 10:55 a.m.525 views

CVE-2014-0196

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition in...

6.9CVSS6.3AI score0.5836EPSS
CVE
CVE
added 2014/10/10 10:55 a.m.408 views

CVE-2014-3581

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

5CVSS6.2AI score0.03873EPSS
CVE
CVE
added 2010/11/05 5:0 p.m.355 views

CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

9.8CVSS9.6AI score0.27685EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.335 views

CVE-2012-3163

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

9CVSS4.2AI score0.00866EPSS
CVE
CVE
added 2014/07/29 2:55 p.m.328 views

CVE-2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

5CVSS7.1AI score0.01618EPSS
CVE
CVE
added 2014/03/11 1:1 p.m.312 views

CVE-2014-0101

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system cra...

7.8CVSS5.9AI score0.03342EPSS
CVE
CVE
added 2014/03/24 4:40 p.m.277 views

CVE-2014-2523

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet...

10CVSS7.2AI score0.03555EPSS
CVE
CVE
added 2015/03/30 10:59 a.m.260 views

CVE-2015-2301

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name o...

7.5CVSS7.9AI score0.10318EPSS
CVE
CVE
added 2013/08/18 2:52 a.m.248 views

CVE-2013-4248

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL se...

4.3CVSS6.1AI score0.09892EPSS
CVE
CVE
added 2017/01/27 10:59 p.m.237 views

CVE-2017-3313

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure wher...

4.7CVSS4.9AI score0.00042EPSS
CVE
CVE
added 2012/07/03 7:55 p.m.235 views

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

4.3CVSS7.4AI score0.00399EPSS
CVE
CVE
added 2013/08/18 2:52 a.m.225 views

CVE-2013-4238

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate iss...

4.3CVSS6.2AI score0.03786EPSS
CVE
CVE
added 2011/11/29 12:55 a.m.221 views

CVE-2011-4566

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a diff...

6.4CVSS8.5AI score0.79373EPSS
CVE
CVE
added 2013/07/23 11:3 a.m.213 views

CVE-2013-4002

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

7.1CVSS6.7AI score0.01422EPSS
CVE
CVE
added 2014/11/05 11:55 a.m.210 views

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

5CVSS7.1AI score0.07784EPSS
CVE
CVE
added 2011/03/02 8:0 p.m.207 views

CVE-2011-0762

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

4CVSS7.2AI score0.38386EPSS
CVE
CVE
added 2015/03/30 10:59 a.m.204 views

CVE-2015-2305

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...

6.8CVSS8.1AI score0.37283EPSS
CVE
CVE
added 2013/03/28 11:55 p.m.200 views

CVE-2013-1861

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number o...

5CVSS5.1AI score0.45963EPSS
CVE
CVE
added 2012/12/03 12:49 p.m.194 views

CVE-2012-5612

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain varia...

6.5CVSS5.7AI score0.6089EPSS
CVE
CVE
added 2011/10/10 10:55 a.m.192 views

CVE-2011-2189

net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespac...

7.8CVSS7AI score0.10905EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.192 views

CVE-2013-0753

Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.1...

9.3CVSS9.5AI score0.8806EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.190 views

CVE-2013-0758

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging impr...

9.3CVSS9.4AI score0.87365EPSS
CVE
CVE
added 2013/04/04 5:55 p.m.190 views

CVE-2013-1899

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection ...

6.5CVSS6.5AI score0.88079EPSS
CVE
CVE
added 2010/11/26 8:0 p.m.187 views

CVE-2010-3705

The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.

8.3CVSS5.8AI score0.01215EPSS
CVE
CVE
added 2013/11/28 4:37 a.m.186 views

CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

5CVSS5.5AI score0.22786EPSS
CVE
CVE
added 2014/11/04 4:55 p.m.186 views

CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a va...

5CVSS5.9AI score0.04812EPSS
CVE
CVE
added 2014/07/29 2:55 p.m.184 views

CVE-2014-5030

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

1.9CVSS7AI score0.00052EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.184 views

CVE-2015-0408

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

10CVSS3.8AI score0.09938EPSS
CVE
CVE
added 2012/02/01 4:55 p.m.178 views

CVE-2012-0444

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute...

10CVSS8.9AI score0.02228EPSS
CVE
CVE
added 2015/02/24 3:59 p.m.178 views

CVE-2013-7423

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

5CVSS7.3AI score0.03151EPSS
Total number of security vulnerabilities509