Lucene search

K
CanonicalUbuntu Linux

4105 matches found

cve
cve
added 2018/10/17 1:31 a.m.364 views

CVE-2018-3162

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS5AI score0.00181EPSS
cve
cve
added 2018/10/17 1:31 a.m.364 views

CVE-2018-3180

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS5.8AI score0.00055EPSS
cve
cve
added 2019/07/19 5:15 p.m.364 views

CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when a...

9.8CVSS9.7AI score0.05393EPSS
cve
cve
added 2020/05/22 6:15 p.m.364 views

CVE-2020-13398

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

8.3CVSS8AI score0.00382EPSS
cve
cve
added 2018/05/23 1:29 p.m.363 views

CVE-2018-1126

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

9.8CVSS7.7AI score0.00302EPSS
Web
cve
cve
added 2019/09/13 1:15 p.m.363 views

CVE-2019-15030

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then acces...

4.4CVSS5.8AI score0.00081EPSS
cve
cve
added 2019/08/15 10:15 p.m.363 views

CVE-2019-9850

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on variou...

9.8CVSS9.2AI score0.85073EPSS
cve
cve
added 2016/07/04 10:59 p.m.362 views

CVE-2016-3092

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

7.8CVSS7.5AI score0.44747EPSS
cve
cve
added 2020/01/29 9:15 p.m.362 views

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

9.1CVSS8.9AI score0.00434EPSS
cve
cve
added 2020/07/06 7:15 p.m.362 views

CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

6.5CVSS6.6AI score0.03585EPSS
cve
cve
added 2020/04/02 9:15 p.m.362 views

CVE-2020-11494

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2ce...

4.4CVSS5.3AI score0.00124EPSS
cve
cve
added 2020/11/23 5:15 p.m.361 views

CVE-2020-0569

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

5.7CVSS5.8AI score0.00399EPSS
cve
cve
added 2019/11/18 6:15 a.m.360 views

CVE-2019-19062

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

4.7CVSS6.5AI score0.001EPSS
cve
cve
added 2020/05/12 7:15 p.m.360 views

CVE-2020-12826

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent pro...

5.3CVSS6AI score0.0003EPSS
cve
cve
added 2020/04/15 2:15 p.m.360 views

CVE-2020-2803

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3CVSS8.2AI score0.02714EPSS
cve
cve
added 2010/11/05 5:0 p.m.359 views

CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

9.8CVSS9.6AI score0.27685EPSS
cve
cve
added 2019/12/30 5:15 a.m.359 views

CVE-2019-20096

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

5.5CVSS6.5AI score0.00075EPSS
cve
cve
added 2018/02/28 8:29 p.m.358 views

CVE-2018-1304

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It ...

5.9CVSS6.7AI score0.02075EPSS
cve
cve
added 2019/10/16 6:15 p.m.358 views

CVE-2019-2946

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. S...

6.5CVSS6.1AI score0.00905EPSS
cve
cve
added 2019/09/11 4:15 p.m.356 views

CVE-2019-16234

drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

4.7CVSS6.1AI score0.00066EPSS
cve
cve
added 2019/10/16 6:15 p.m.356 views

CVE-2019-2911

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4CVSS3AI score0.00216EPSS
cve
cve
added 2020/04/15 2:15 p.m.356 views

CVE-2020-2830

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl...

5.3CVSS5AI score0.00151EPSS
cve
cve
added 2020/02/21 10:15 p.m.356 views

CVE-2020-9327

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

7.5CVSS7.8AI score0.01401EPSS
cve
cve
added 2019/08/01 5:15 p.m.354 views

CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

7.5CVSS7.3AI score0.00507EPSS
cve
cve
added 2020/01/15 7:15 p.m.354 views

CVE-2019-15961

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in...

7.5CVSS6.7AI score0.01956EPSS
cve
cve
added 2020/07/15 6:15 p.m.354 views

CVE-2020-14697

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.5AI score0.00922EPSS
cve
cve
added 2020/08/19 1:15 p.m.354 views

CVE-2020-24394

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

7.1CVSS6.8AI score0.00022EPSS
cve
cve
added 2020/04/15 2:15 p.m.354 views

CVE-2020-2804

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t...

5.9CVSS5.5AI score0.00549EPSS
cve
cve
added 2018/07/18 1:29 p.m.353 views

CVE-2018-2952

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated at...

4.3CVSS4AI score0.0005EPSS
cve
cve
added 2019/11/26 5:15 p.m.353 views

CVE-2019-18677

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be deli...

6.1CVSS7.4AI score0.04138EPSS
cve
cve
added 2019/07/23 11:15 p.m.353 views

CVE-2019-2819

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr...

5.5CVSS5.3AI score0.00529EPSS
cve
cve
added 2020/01/15 5:15 p.m.353 views

CVE-2020-2573

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Suc...

5.9CVSS5.5AI score0.00729EPSS
cve
cve
added 2018/08/01 11:29 p.m.352 views

CVE-2015-9262

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

9.8CVSS9.2AI score0.02694EPSS
cve
cve
added 2016/02/08 3:59 a.m.352 views

CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

7.8CVSS6.5AI score0.5601EPSS
In wild
cve
cve
added 2018/12/03 6:29 a.m.352 views

CVE-2018-19788

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

9CVSS6.4AI score0.60013EPSS
cve
cve
added 2019/11/19 10:15 p.m.352 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR...

3.3CVSS4.8AI score0.00016EPSS
cve
cve
added 2020/01/15 5:15 p.m.352 views

CVE-2020-2577

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.8AI score0.00376EPSS
cve
cve
added 2018/03/02 3:29 p.m.351 views

CVE-2018-1058

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

8.8CVSS7.6AI score0.82422EPSS
cve
cve
added 2020/01/15 5:15 p.m.351 views

CVE-2020-2584

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.4CVSS4.2AI score0.0058EPSS
cve
cve
added 2016/10/10 11:0 a.m.350 views

CVE-2016-7117

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

10CVSS9.3AI score0.04788EPSS
cve
cve
added 2020/02/11 1:15 p.m.350 views

CVE-2018-14553

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

7.5CVSS7.3AI score0.00737EPSS
cve
cve
added 2019/11/26 5:15 p.m.350 views

CVE-2019-18676

An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote clie...

7.5CVSS8.4AI score0.01297EPSS
cve
cve
added 2020/05/14 9:15 p.m.350 views

CVE-2020-0093

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Androi...

5CVSS6AI score0.00065EPSS
cve
cve
added 2020/08/05 2:15 p.m.350 views

CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are s...

6.7CVSS7.2AI score0.00059EPSS
cve
cve
added 2020/07/15 6:15 p.m.350 views

CVE-2020-14539

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS6.2AI score0.00582EPSS
cve
cve
added 2008/08/06 6:41 p.m.349 views

CVE-2008-2939

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last direc...

4.3CVSS6.7AI score0.34348EPSS
Web
cve
cve
added 2019/07/24 4:15 a.m.349 views

CVE-2019-14250

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

5.5CVSS6.4AI score0.00147EPSS
cve
cve
added 2019/07/23 11:15 p.m.349 views

CVE-2019-2786

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.4CVSS3.6AI score0.00209EPSS
cve
cve
added 2020/09/09 4:15 p.m.349 views

CVE-2020-25212

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

7CVSS7.5AI score0.00032EPSS
cve
cve
added 2020/01/15 5:15 p.m.349 views

CVE-2020-2679

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00376EPSS
Total number of security vulnerabilities4105