Lucene search

K
CanonicalUbuntu Linux16.04

2225 matches found

CVE
CVE
added 2016/04/18 10:59 a.m.63 views

CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.

8.8CVSS9.2AI score0.02987EPSS
CVE
CVE
added 2016/06/14 2:59 p.m.63 views

CVE-2016-5238

The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.

4.4CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2017/09/12 8:29 a.m.63 views

CVE-2017-14326

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.

6.5CVSS6.5AI score0.00377EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.63 views

CVE-2017-16909

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

8.8CVSS8.4AI score0.00584EPSS
CVE
CVE
added 2017/12/13 10:29 p.m.63 views

CVE-2017-17669

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

5.5CVSS6.1AI score0.00167EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.63 views

CVE-2017-17882

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.

6.5CVSS6.5AI score0.0045EPSS
CVE
CVE
added 2018/03/15 7:29 p.m.63 views

CVE-2017-18236

An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.

5.5CVSS5.7AI score0.00173EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.63 views

CVE-2018-2776

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks ...

4.9CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.62 views

CVE-2016-1702

The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.

6.5CVSS6.7AI score0.01428EPSS
CVE
CVE
added 2018/07/30 2:29 p.m.62 views

CVE-2016-9597

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

7.5CVSS7AI score0.01327EPSS
CVE
CVE
added 2017/09/12 8:29 a.m.62 views

CVE-2017-14325

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.

7.1CVSS6.5AI score0.00421EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.62 views

CVE-2017-7161

An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.

8.8CVSS7.2AI score0.00954EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.62 views

CVE-2018-2780

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS5.6AI score0.00494EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.62 views

CVE-2018-5810

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

8.8CVSS7.2AI score0.00567EPSS
CVE
CVE
added 2020/06/17 4:15 p.m.62 views

CVE-2020-14396

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

7.5CVSS7.3AI score0.01243EPSS
CVE
CVE
added 2017/09/21 5:29 a.m.61 views

CVE-2017-14626

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.

9.8CVSS7.5AI score0.01117EPSS
CVE
CVE
added 2018/01/05 7:29 p.m.61 views

CVE-2017-18022

In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

6.5CVSS7.1AI score0.0029EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.61 views

CVE-2018-20762

GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames.

7.8CVSS7.7AI score0.00274EPSS
CVE
CVE
added 2018/01/29 5:29 p.m.61 views

CVE-2018-6381

In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of fi...

6.5CVSS5.7AI score0.00317EPSS
CVE
CVE
added 2018/02/09 6:29 a.m.61 views

CVE-2018-6869

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.01067EPSS
CVE
CVE
added 2019/07/04 3:15 p.m.61 views

CVE-2019-13241

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

7.8CVSS7.4AI score0.00922EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.60 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a...

5.3CVSS5.9AI score0.00748EPSS
CVE
CVE
added 2016/06/13 10:59 a.m.60 views

CVE-2016-2825

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

6.5CVSS7.1AI score0.00237EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.60 views

CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an...

7.8CVSS7.6AI score0.00109EPSS
CVE
CVE
added 2017/09/12 5:29 p.m.60 views

CVE-2017-14343

ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.

6.5CVSS6.2AI score0.00406EPSS
CVE
CVE
added 2017/10/10 8:29 p.m.60 views

CVE-2017-15218

ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.

6.5CVSS7AI score0.00467EPSS
CVE
CVE
added 2018/06/29 2:29 p.m.60 views

CVE-2018-13005

An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read.

9.8CVSS9.3AI score0.00593EPSS
CVE
CVE
added 2019/02/06 11:29 p.m.60 views

CVE-2018-20763

In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.

7.8CVSS7.6AI score0.00217EPSS
CVE
CVE
added 2018/02/01 5:29 a.m.60 views

CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.00416EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.59 views

CVE-2014-9842

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.5CVSS7.1AI score0.02361EPSS
CVE
CVE
added 2018/01/12 8:29 p.m.59 views

CVE-2017-18027

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.6AI score0.00615EPSS
CVE
CVE
added 2018/01/12 8:29 p.m.59 views

CVE-2017-18029

In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.6AI score0.00897EPSS
CVE
CVE
added 2019/02/12 5:29 p.m.59 views

CVE-2018-20781

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

7.8CVSS7.5AI score0.06715EPSS
CVE
CVE
added 2018/03/06 6:29 p.m.59 views

CVE-2018-7729

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

5.5CVSS6.1AI score0.00344EPSS
CVE
CVE
added 2018/03/07 11:29 p.m.59 views

CVE-2018-7752

GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

7.8CVSS7.5AI score0.00213EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.58 views

CVE-2014-9850

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

7.5CVSS7.1AI score0.01602EPSS
CVE
CVE
added 2016/06/05 11:59 p.m.58 views

CVE-2016-1673

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

8.8CVSS8.2AI score0.00847EPSS
CVE
CVE
added 2017/09/12 5:29 p.m.58 views

CVE-2017-14342

ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.

6.5CVSS6.8AI score0.00266EPSS
CVE
CVE
added 2018/06/29 2:29 p.m.58 views

CVE-2018-13006

An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

9.8CVSS9.3AI score0.00697EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.57 views

CVE-2014-9844

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

5.5CVSS5.7AI score0.00295EPSS
CVE
CVE
added 2018/01/01 8:29 a.m.57 views

CVE-2017-18008

In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.

6.5CVSS7.1AI score0.00469EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.56 views

CVE-2016-4579

Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

7.5CVSS7.2AI score0.0218EPSS
CVE
CVE
added 2018/04/03 10:29 p.m.56 views

CVE-2018-9240

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

7.5CVSS7.2AI score0.00436EPSS
CVE
CVE
added 2018/04/10 6:29 p.m.56 views

CVE-2018-9918

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.

7.8CVSS7.2AI score0.00107EPSS
CVE
CVE
added 2016/10/03 6:59 p.m.55 views

CVE-2016-1371

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.

5.5CVSS5.4AI score0.00716EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.55 views

CVE-2018-5811

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

6.5CVSS6.2AI score0.00384EPSS
CVE
CVE
added 2020/08/06 11:15 p.m.55 views

CVE-2020-15701

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7....

5.5CVSS5.4AI score0.0013EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.54 views

CVE-2016-1581

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

5.5CVSS5.2AI score0.00035EPSS
CVE
CVE
added 2017/10/05 7:29 a.m.54 views

CVE-2017-15032

ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

9.8CVSS9.1AI score0.00316EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.54 views

CVE-2017-17886

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.

6.5CVSS6.3AI score0.00447EPSS
Total number of security vulnerabilities2225