Lucene search

K
CanonicalUbuntu Linux16.04

2225 matches found

CVE
CVE
added 2018/04/03 6:29 a.m.99 views

CVE-2017-13885

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.00385EPSS
CVE
CVE
added 2018/05/12 4:29 a.m.99 views

CVE-2018-10998

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.

6.5CVSS6.2AI score0.01214EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.99 views

CVE-2018-12407

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox

9.8CVSS7.3AI score0.05316EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.99 views

CVE-2018-2777

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS5AI score0.0009EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.99 views

CVE-2018-2786

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

5.5CVSS5.4AI score0.00074EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.99 views

CVE-2018-5800

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

6.5CVSS7.2AI score0.02261EPSS
CVE
CVE
added 2016/05/14 9:59 p.m.98 views

CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impa...

9.3CVSS8.8AI score0.05801EPSS
CVE
CVE
added 2016/07/03 9:59 p.m.98 views

CVE-2016-1704

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

8.8CVSS8.7AI score0.00802EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.98 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01468EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.98 views

CVE-2016-2819

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

8.8CVSS9AI score0.66282EPSS
CVE
CVE
added 2016/04/12 2:0 a.m.98 views

CVE-2016-2857

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

8.4CVSS6.6AI score0.00058EPSS
CVE
CVE
added 2016/05/11 9:59 p.m.98 views

CVE-2016-3712

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

5.5CVSS6.4AI score0.00138EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.98 views

CVE-2018-12358

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox

4.3CVSS5.1AI score0.00399EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.98 views

CVE-2018-12398

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox

6.5CVSS7AI score0.00431EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.98 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources ...

6.5CVSS7.1AI score0.0012EPSS
CVE
CVE
added 2018/08/25 9:29 p.m.98 views

CVE-2018-15864

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.

5.5CVSS5.9AI score0.00059EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.98 views

CVE-2018-4161

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...

8.8CVSS8.6AI score0.00759EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.98 views

CVE-2018-4190

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS6.9AI score0.01516EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.98 views

CVE-2018-4218

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" co...

8.8CVSS8.7AI score0.53585EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.98 views

CVE-2018-5161

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird

4.3CVSS5.9AI score0.01228EPSS
CVE
CVE
added 2020/03/23 2:15 p.m.98 views

CVE-2020-1951

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.

5.5CVSS5.5AI score0.00341EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.97 views

CVE-2016-1835

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

8.8CVSS7.2AI score0.04733EPSS
CVE
CVE
added 2016/06/13 2:59 p.m.97 views

CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.

5.3CVSS5.3AI score0.00744EPSS
CVE
CVE
added 2017/08/30 9:29 a.m.97 views

CVE-2017-13768

Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.

6.5CVSS6.1AI score0.00874EPSS
CVE
CVE
added 2018/08/25 9:29 p.m.97 views

CVE-2018-15854

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

5.5CVSS5.9AI score0.00059EPSS
CVE
CVE
added 2018/11/07 4:29 p.m.97 views

CVE-2018-19059

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

6.5CVSS6.3AI score0.00131EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.97 views

CVE-2018-2839

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.9CVSS5AI score0.0038EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.97 views

CVE-2018-4119

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS
CVE
CVE
added 2018/03/23 9:29 p.m.97 views

CVE-2018-8960

The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.

8.8CVSS7.1AI score0.00385EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.96 views

CVE-2016-2818

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

8.8CVSS9.3AI score0.00426EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.96 views

CVE-2018-12388

Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox

8.8CVSS9.4AI score0.00457EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.96 views

CVE-2018-12401

Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox

7.5CVSS7.4AI score0.0255EPSS
CVE
CVE
added 2018/08/25 9:29 p.m.96 views

CVE-2018-15858

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.

5.5CVSS5.7AI score0.00082EPSS
CVE
CVE
added 2018/08/25 9:29 p.m.96 views

CVE-2018-15861

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

5.5CVSS5.9AI score0.00059EPSS
CVE
CVE
added 2018/09/05 1:29 p.m.96 views

CVE-2018-16513

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.

7.8CVSS8AI score0.00309EPSS
CVE
CVE
added 2019/03/21 4:0 p.m.96 views

CVE-2018-18898

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.

7.5CVSS7.2AI score0.01297EPSS
CVE
CVE
added 2018/11/10 7:29 p.m.96 views

CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

6.5CVSS6.4AI score0.002EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.96 views

CVE-2018-4114

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...

8.8CVSS8.6AI score0.00567EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.96 views

CVE-2018-4122

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...

8.8CVSS8.7AI score0.00567EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.96 views

CVE-2018-4125

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...

8.8CVSS8.6AI score0.00567EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.96 views

CVE-2018-4146

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...

6.5CVSS6.1AI score0.00848EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.96 views

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox...

6.5CVSS6.3AI score0.00633EPSS
CVE
CVE
added 2018/01/06 4:29 p.m.96 views

CVE-2018-5205

When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

7.5CVSS8.4AI score0.00625EPSS
CVE
CVE
added 2016/09/20 2:15 p.m.95 views

CVE-2015-8933

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

5.5CVSS6AI score0.00311EPSS
CVE
CVE
added 2016/06/01 10:59 p.m.95 views

CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

7.8CVSS7.9AI score0.0017EPSS
CVE
CVE
added 2017/06/02 7:29 p.m.95 views

CVE-2017-9403

In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.

6.5CVSS6.2AI score0.00962EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.95 views

CVE-2018-18503

When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox

8.8CVSS5.2AI score0.02345EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.95 views

CVE-2018-2759

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS5AI score0.00085EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.95 views

CVE-2018-4113

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore fu...

6.5CVSS6.1AI score0.01156EPSS
CVE
CVE
added 2019/08/29 3:15 p.m.95 views

CVE-2019-11476

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.

7.8CVSS7.1AI score0.00104EPSS
Total number of security vulnerabilities2225