Ubuntu Linux Security Vulnerabilities
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo()...
5.5CVSS
6.2AI Score
0.001EPSS
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU...
5.5CVSS
5.6AI Score
0.0004EPSS
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet...
7CVSS
7.5AI Score
0.001EPSS
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and...
5.5CVSS
6.7AI Score
0.001EPSS
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird <...
9.8CVSS
9.5AI Score
0.015EPSS
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This...
5.5CVSS
6.4AI Score
0.0005EPSS
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects.....
9.8CVSS
9.8AI Score
0.008EPSS
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory,...
5.5CVSS
6.7AI Score
0.0004EPSS
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass...
7.5CVSS
8.3AI Score
0.002EPSS
5.5CVSS
6.8AI Score
0.001EPSS
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird <...
4.3CVSS
6AI Score
0.001EPSS
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized...
5.5CVSS
6.2AI Score
0.0005EPSS
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in...
7.1CVSS
6.9AI Score
0.002EPSS
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in...
8.3CVSS
8AI Score
0.002EPSS
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While...
5.9CVSS
6.5AI Score
0.008EPSS
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free...
8.2CVSS
8.5AI Score
0.003EPSS
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from...
9.1CVSS
6.8AI Score
0.002EPSS
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF...
7.5CVSS
8.1AI Score
0.002EPSS
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
8.8CVSS
9.1AI Score
0.006EPSS
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the...
7CVSS
7.5AI Score
0.922EPSS
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory...
6.7CVSS
7AI Score
0.0004EPSS
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory...
5.1CVSS
5.7AI Score
0.0005EPSS
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory...
6.7CVSS
6.8AI Score
0.0004EPSS
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream...
7.5CVSS
7.5AI Score
0.02EPSS
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration...
7.5CVSS
7AI Score
0.973EPSS
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS...
7.5CVSS
7.5AI Score
0.015EPSS
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka...
6.5CVSS
6.5AI Score
0.007EPSS
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory...
5.3CVSS
6AI Score
0.0005EPSS
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds...
2.2CVSS
5.1AI Score
0.002EPSS
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds...
2.2CVSS
5.1AI Score
0.005EPSS
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds...
6.6CVSS
6.5AI Score
0.004EPSS
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer...
6.6CVSS
6.5AI Score
0.02EPSS
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds...
6.6CVSS
6.8AI Score
0.005EPSS
6.5CVSS
6.6AI Score
0.007EPSS
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb...
5.5CVSS
5.2AI Score
0.001EPSS
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue...
3.3CVSS
4AI Score
0.0004EPSS
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...
5CVSS
6AI Score
0.0004EPSS
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
6.3CVSS
6.8AI Score
0.001EPSS
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could...
7.5CVSS
7.4AI Score
0.007EPSS
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit...
7.5CVSS
7.5AI Score
0.006EPSS
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in...
2.2CVSS
4.9AI Score
0.003EPSS
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent...
5.3CVSS
6AI Score
0.001EPSS
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and...
7.5CVSS
7.5AI Score
0.003EPSS
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka...
6.7CVSS
6.7AI Score
0.0005EPSS
5.5CVSS
6.6AI Score
0.0004EPSS
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka...
5.5CVSS
5.7AI Score
0.0004EPSS
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation...
5.5CVSS
5.9AI Score
0.001EPSS
An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at...
5.5CVSS
5.7AI Score
0.0004EPSS
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library....
4.4CVSS
4.8AI Score
0.0004EPSS
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by...
7.8CVSS
8AI Score
0.001EPSS