Lucene search

K
CanonicalUbuntu Linux

691 matches found

CVE
CVE
added 2019/11/13 6:15 p.m.180 views

CVE-2019-2201

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Produc...

9.3CVSS7.9AI score0.01526EPSS
CVE
CVE
added 2019/11/11 4:15 a.m.179 views

CVE-2019-18849

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.

5.5CVSS5.5AI score0.00769EPSS
CVE
CVE
added 2019/01/11 6:29 p.m.178 views

CVE-2018-4180

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

7.8CVSS4.8AI score0.00144EPSS
CVE
CVE
added 2019/12/05 2:15 p.m.178 views

CVE-2019-19602

fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonst...

6.1CVSS6.7AI score0.00038EPSS
CVE
CVE
added 2019/01/11 6:29 p.m.177 views

CVE-2018-4181

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

5.5CVSS4.8AI score0.00117EPSS
CVE
CVE
added 2019/04/08 7:29 p.m.177 views

CVE-2019-11008

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

8.8CVSS7.7AI score0.01774EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.174 views

CVE-2018-12390

Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fir...

9.8CVSS8.3AI score0.06392EPSS
CVE
CVE
added 2019/11/28 12:15 a.m.174 views

CVE-2019-19318

In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,

4.4CVSS6AI score0.0036EPSS
CVE
CVE
added 2019/05/23 12:29 p.m.173 views

CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

7.5CVSS7.2AI score0.01969EPSS
CVE
CVE
added 2019/04/19 12:29 a.m.172 views

CVE-2019-11338

libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.

8.8CVSS8.9AI score0.01319EPSS
CVE
CVE
added 2019/10/10 5:15 p.m.172 views

CVE-2019-17451

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

6.5CVSS6.7AI score0.00622EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.172 views

CVE-2019-19055

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of...

5.5CVSS6.5AI score0.00097EPSS
CVE
CVE
added 2019/03/05 4:29 p.m.172 views

CVE-2019-6215

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.1AI score0.4241EPSS
CVE
CVE
added 2019/07/30 1:15 p.m.170 views

CVE-2019-14444

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.

5.5CVSS6.2AI score0.00113EPSS
CVE
CVE
added 2019/01/29 4:29 p.m.169 views

CVE-2018-16880

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of...

7CVSS7.5AI score0.00075EPSS
CVE
CVE
added 2019/11/21 2:15 a.m.169 views

CVE-2019-19039

__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues a...

5.5CVSS5.6AI score0.00487EPSS
CVE
CVE
added 2019/02/05 12:29 a.m.169 views

CVE-2019-7395

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

7.5CVSS7.2AI score0.02797EPSS
CVE
CVE
added 2019/04/23 2:29 p.m.168 views

CVE-2019-11474

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

6.5CVSS6.9AI score0.0198EPSS
CVE
CVE
added 2019/04/18 6:29 p.m.167 views

CVE-2018-16878

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

6.2CVSS6.1AI score0.00031EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.167 views

CVE-2019-19047

A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka CID-c7ed6d0183d5.

5.5CVSS6.3AI score0.00081EPSS
CVE
CVE
added 2019/12/17 6:15 a.m.167 views

CVE-2019-19813

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_m...

7.1CVSS5.7AI score0.01528EPSS
CVE
CVE
added 2019/03/05 4:29 p.m.167 views

CVE-2019-6212

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.00544EPSS
CVE
CVE
added 2019/05/20 5:29 p.m.166 views

CVE-2019-12221

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.

6.5CVSS7.1AI score0.01662EPSS
CVE
CVE
added 2019/04/26 9:29 p.m.166 views

CVE-2019-3844

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will ...

7.8CVSS7.4AI score0.00175EPSS
CVE
CVE
added 2019/01/31 9:29 a.m.165 views

CVE-2017-18360

In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.

5.5CVSS5.5AI score0.00082EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.165 views

CVE-2018-5738

Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for t...

7.5CVSS6.2AI score0.01793EPSS
CVE
CVE
added 2019/12/01 10:15 p.m.164 views

CVE-2019-18609

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than ne...

9.8CVSS9.4AI score0.02256EPSS
CVE
CVE
added 2019/02/05 12:29 a.m.164 views

CVE-2019-7396

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

7.5CVSS7.2AI score0.02797EPSS
CVE
CVE
added 2019/02/05 5:29 p.m.162 views

CVE-2018-11803

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

7.5CVSS7.3AI score0.04578EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.162 views

CVE-2018-12389

Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 6...

8.8CVSS8.4AI score0.01167EPSS
CVE
CVE
added 2019/08/18 7:15 p.m.162 views

CVE-2019-15144

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.

5.5CVSS5.3AI score0.00034EPSS
CVE
CVE
added 2019/02/03 3:29 a.m.161 views

CVE-2019-7310

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocair...

7.8CVSS8AI score0.00267EPSS
CVE
CVE
added 2019/02/27 2:29 p.m.161 views

CVE-2019-9210

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

7.8CVSS7.6AI score0.00346EPSS
CVE
CVE
added 2019/01/11 6:29 p.m.159 views

CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

4.3CVSS5.5AI score0.00328EPSS
CVE
CVE
added 2019/08/18 7:15 p.m.159 views

CVE-2019-15142

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.

5.5CVSS5.4AI score0.00108EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.159 views

CVE-2019-3825

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.

6.9CVSS5.4AI score0.00075EPSS
CVE
CVE
added 2019/06/03 8:29 p.m.158 views

CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

9.8CVSS9.4AI score0.25844EPSS
CVE
CVE
added 2019/09/17 12:15 p.m.158 views

CVE-2019-16239

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.

9.8CVSS9.2AI score0.05621EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.158 views

CVE-2019-9325

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302

6.5CVSS6.6AI score0.03149EPSS
CVE
CVE
added 2019/08/07 10:15 p.m.157 views

CVE-2019-14763

In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.

5.5CVSS6.6AI score0.0007EPSS
CVE
CVE
added 2019/08/18 7:15 p.m.157 views

CVE-2019-15145

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.

5.5CVSS5.4AI score0.00136EPSS
CVE
CVE
added 2019/01/01 4:29 p.m.156 views

CVE-2018-20650

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

6.5CVSS6.5AI score0.00561EPSS
CVE
CVE
added 2019/02/24 1:29 p.m.156 views

CVE-2019-8375

The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecifi...

9.8CVSS9.3AI score0.17508EPSS
CVE
CVE
added 2019/01/30 6:29 p.m.154 views

CVE-2018-20749

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

9.8CVSS9.5AI score0.1561EPSS
CVE
CVE
added 2019/06/30 11:15 p.m.154 views

CVE-2019-13112

A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.

6.5CVSS6AI score0.00205EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.153 views

CVE-2019-19048

A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka CID-e0b0cb938864.

7.8CVSS7.6AI score0.00734EPSS
CVE
CVE
added 2019/04/18 6:29 p.m.152 views

CVE-2018-16877

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

8.8CVSS7.4AI score0.00056EPSS
CVE
CVE
added 2019/01/30 6:29 p.m.152 views

CVE-2018-20748

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

9.8CVSS9.8AI score0.17311EPSS
CVE
CVE
added 2019/01/30 6:29 p.m.152 views

CVE-2018-20750

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

9.8CVSS9.5AI score0.1561EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.152 views

CVE-2019-19071

A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.

7.8CVSS7.5AI score0.0095EPSS
Total number of security vulnerabilities691