Ubuntu Linux Security Vulnerabilities
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME...
7.5CVSS
7.1AI Score
0.037EPSS
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds...
7.5CVSS
7.3AI Score
0.007EPSS
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is...
7.5CVSS
7.3AI Score
0.003EPSS
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible....
4.3CVSS
4.4AI Score
0.001EPSS
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in...
3.8CVSS
4.8AI Score
0.0005EPSS
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability...
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this.....
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible...
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory...
3.3CVSS
3.6AI Score
0.001EPSS
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and...
3.7CVSS
5.2AI Score
0.002EPSS
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns...
5.9CVSS
7.3AI Score
0.005EPSS
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed....
9.8CVSS
9.3AI Score
0.005EPSS
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of....
5.3CVSS
5.5AI Score
0.001EPSS
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is...
7.5CVSS
7.3AI Score
0.002EPSS
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response...
5.9CVSS
5.5AI Score
0.004EPSS
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown ...
9.8CVSS
9.2AI Score
0.012EPSS
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka...
6.7CVSS
6.4AI Score
0.0005EPSS
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka...
6.7CVSS
6.5AI Score
0.0005EPSS
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of...
7.5CVSS
7.3AI Score
0.89EPSS
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...
7.5CVSS
7.4AI Score
0.154EPSS
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute...
10CVSS
8AI Score
0.004EPSS
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header...
7.5CVSS
7.6AI Score
0.011EPSS
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory,.....
6.5CVSS
5.8AI Score
0.0005EPSS
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash...
6.5CVSS
6.5AI Score
0.002EPSS
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to...
7.5CVSS
7.2AI Score
0.015EPSS
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information...
8.6CVSS
7.9AI Score
0.002EPSS
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer...
9.8CVSS
9.1AI Score
0.004EPSS
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka...
5.5CVSS
5.9AI Score
0.0004EPSS
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant...
5.5CVSS
6.9AI Score
0.002EPSS
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in...
5.5CVSS
5.5AI Score
0.0004EPSS
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in...
5.5CVSS
5.8AI Score
0.001EPSS
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond...
5.5CVSS
6AI Score
0.001EPSS
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2...
5.5CVSS
5.3AI Score
0.001EPSS
5.5CVSS
5.5AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than...
8.1CVSS
8.7AI Score
0.013EPSS
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka...
8.8CVSS
8.8AI Score
0.006EPSS
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service,...
5.7CVSS
6.5AI Score
0.001EPSS
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka...
8CVSS
8.4AI Score
0.0005EPSS
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka...
4.3CVSS
5.8AI Score
0.001EPSS
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka...
4.3CVSS
5.4AI Score
0.001EPSS
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka...
4.3CVSS
5.4AI Score
0.001EPSS
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login...
4.3CVSS
5.6AI Score
0.006EPSS
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response...
5.9CVSS
5.4AI Score
0.002EPSS
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie...
7.5CVSS
5.8AI Score
0.002EPSS
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer...
7.5CVSS
7.4AI Score
0.002EPSS
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in...
7.5CVSS
7.3AI Score
0.008EPSS
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket...
7.5CVSS
7.5AI Score
0.017EPSS
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat...
6.5CVSS
6.7AI Score
0.002EPSS
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via...
5.4CVSS
6.1AI Score
0.001EPSS