PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
Max CVSS
5.3
EPSS Score
0.13%
Published
2023-09-27
Updated
2023-10-05
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-10-07
Updated
2023-10-11
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-04-26
Updated
2023-05-08
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-01-08
Updated
2024-01-11
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.
Max CVSS
5.5
EPSS Score
0.05%
Published
2024-01-24
Updated
2024-01-30
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-04-19
Updated
2023-05-01
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2022-08-29
Updated
2023-12-20
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
Max CVSS
5.5
EPSS Score
0.11%
Published
2022-02-21
Updated
2023-06-12
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-04-19
Updated
2023-05-04
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
Max CVSS
5.5
EPSS Score
0.04%
Published
2022-02-17
Updated
2022-02-25
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.
Max CVSS
5.5
EPSS Score
0.18%
Published
2020-12-26
Updated
2021-03-22
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-12-09
Updated
2020-12-11
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-09-24
Updated
2022-04-27
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-10-06
Updated
2022-11-21
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-06-29
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.40%
Published
2020-08-13
Updated
2022-06-29
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-06-29
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-06-29
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.34%
Published
2020-08-13
Updated
2022-06-29
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.34%
Published
2020-08-13
Updated
2022-06-29
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-06-29
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.32%
Published
2020-08-13
Updated
2022-06-29
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.28%
Published
2020-08-13
Updated
2022-06-29
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.29%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
738 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!