Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2020/07/15 6:15 p.m.374 views

CVE-2020-14697

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.5AI score0.00922EPSS
CVE
CVE
added 2018/06/13 11:29 p.m.373 views

CVE-2018-0495

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP....

4.7CVSS5.5AI score0.00313EPSS
CVE
CVE
added 2018/03/27 9:29 p.m.373 views

CVE-2018-0739

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...

6.5CVSS6.5AI score0.13832EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.373 views

CVE-2020-2573

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Suc...

5.9CVSS5.5AI score0.00729EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.373 views

CVE-2020-2577

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.8AI score0.00376EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.373 views

CVE-2020-2804

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t...

5.9CVSS5.5AI score0.00549EPSS
CVE
CVE
added 2008/01/10 11:46 p.m.372 views

CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

7.5CVSS7.5AI score0.90142EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.372 views

CVE-2019-2819

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr...

5.5CVSS5.3AI score0.00529EPSS
CVE
CVE
added 2020/08/19 1:15 p.m.371 views

CVE-2020-24394

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

7.1CVSS6.8AI score0.00022EPSS
CVE
CVE
added 2015/03/16 10:59 a.m.370 views

CVE-2015-1421

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper ...

10CVSS5.9AI score0.25935EPSS
CVE
CVE
added 2018/10/26 2:29 p.m.370 views

CVE-2018-15688

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

8.8CVSS9AI score0.00829EPSS
CVE
CVE
added 2019/09/11 4:15 p.m.370 views

CVE-2019-16234

drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

4.7CVSS6.1AI score0.00058EPSS
CVE
CVE
added 2020/01/29 9:15 p.m.370 views

CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

9.1CVSS8.9AI score0.00399EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.370 views

CVE-2019-2786

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.4CVSS3.6AI score0.00209EPSS
CVE
CVE
added 2019/03/06 3:29 p.m.370 views

CVE-2019-3824

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

6.5CVSS5.5AI score0.08815EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.370 views

CVE-2020-2584

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.4CVSS4.2AI score0.0058EPSS
CVE
CVE
added 2020/02/24 3:15 p.m.370 views

CVE-2020-8130

There is an OS command injection vulnerability in Ruby Rake

6.9CVSS6.6AI score0.00109EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.369 views

CVE-2020-14539

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS6.2AI score0.00582EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.369 views

CVE-2020-2679

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00376EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.368 views

CVE-2017-13079

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

5.3CVSS6.6AI score0.00387EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.368 views

CVE-2017-13081

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

5.3CVSS6.7AI score0.00346EPSS
CVE
CVE
added 2017/11/20 3:29 p.m.368 views

CVE-2017-16544

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code executi...

8.8CVSS8.4AI score0.01307EPSS
CVE
CVE
added 2018/05/16 5:29 p.m.368 views

CVE-2018-11212

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

6.5CVSS6.2AI score0.00501EPSS
CVE
CVE
added 2018/08/08 7:29 p.m.367 views

CVE-2018-14526

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive informa...

6.5CVSS5.7AI score0.0079EPSS
CVE
CVE
added 2020/05/22 6:15 p.m.367 views

CVE-2020-13398

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

8.3CVSS8AI score0.00463EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.367 views

CVE-2020-14540

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS4.9AI score0.00448EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.367 views

CVE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS4.9AI score0.00397EPSS
CVE
CVE
added 2016/10/10 11:0 a.m.366 views

CVE-2016-7117

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

10CVSS9.3AI score0.04788EPSS
CVE
CVE
added 2020/07/06 7:15 p.m.366 views

CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

6.5CVSS6.6AI score0.03585EPSS
CVE
CVE
added 2018/05/23 1:29 p.m.365 views

CVE-2018-1126

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

9.8CVSS7.7AI score0.00432EPSS
Web
CVE
CVE
added 2019/07/19 5:15 p.m.365 views

CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when a...

9.8CVSS9.7AI score0.05393EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.365 views

CVE-2019-19062

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

4.7CVSS6.5AI score0.001EPSS
CVE
CVE
added 2019/08/15 10:15 p.m.365 views

CVE-2019-9850

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on variou...

9.8CVSS9.2AI score0.85073EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.365 views

CVE-2020-14663

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.5AI score0.00922EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.365 views

CVE-2020-2763

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.364 views

CVE-2020-14583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

8.3CVSS8.2AI score0.00941EPSS
CVE
CVE
added 2020/02/07 9:15 p.m.364 views

CVE-2020-1700

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pil...

6.8CVSS6.1AI score0.00437EPSS
CVE
CVE
added 2020/09/09 4:15 p.m.364 views

CVE-2020-25212

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

7CVSS7.5AI score0.00032EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.363 views

CVE-2019-2420

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My...

4.9CVSS4.8AI score0.00147EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.363 views

CVE-2019-2434

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL ...

6.5CVSS6.1AI score0.0026EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.363 views

CVE-2019-2973

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

4.3CVSS4AI score0.00262EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.363 views

CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Succ...

4.3CVSS4.5AI score0.00158EPSS
CVE
CVE
added 2010/11/05 5:0 p.m.362 views

CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

9.8CVSS9.6AI score0.27685EPSS
CVE
CVE
added 2018/02/28 8:29 p.m.362 views

CVE-2018-1304

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It ...

5.9CVSS6.7AI score0.02075EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.362 views

CVE-2019-2697

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of ...

8.1CVSS7.5AI score0.11976EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.362 views

CVE-2020-14559

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple proto...

4.3CVSS3.7AI score0.00423EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.362 views

CVE-2020-14576

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ...

6.5CVSS6.2AI score0.00759EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.362 views

CVE-2020-14678

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.6AI score0.00906EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.362 views

CVE-2020-2588

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.9AI score0.00376EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.362 views

CVE-2020-2754

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4.2AI score0.00125EPSS
Total number of security vulnerabilities4105