Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2021/03/23 6:15 p.m.362 views

CVE-2021-3444

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel me...

7.8CVSS7.5AI score0.00087EPSS
CVE
CVE
added 2016/02/08 3:59 a.m.361 views

CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

7.8CVSS6.5AI score0.5601EPSS
In wild
CVE
CVE
added 2019/04/24 4:29 p.m.361 views

CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion...

5.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2020/11/23 5:15 p.m.361 views

CVE-2020-0569

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

5.7CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.361 views

CVE-2020-14547

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.9AI score0.00448EPSS
CVE
CVE
added 2019/12/30 5:15 a.m.360 views

CVE-2019-20096

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

5.5CVSS6.5AI score0.00075EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.360 views

CVE-2020-14553

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MyS...

4.3CVSS4.1AI score0.00424EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.360 views

CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.00219EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.359 views

CVE-2012-3163

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

9CVSS4.2AI score0.01024EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.359 views

CVE-2019-2914

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

6.5CVSS6.1AI score0.00779EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.358 views

CVE-2020-2686

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.2AI score0.00488EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.358 views

CVE-2020-6800

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cann...

8.8CVSS9.2AI score0.01008EPSS
CVE
CVE
added 2020/02/21 10:15 p.m.358 views

CVE-2020-9327

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

7.5CVSS7.8AI score0.01401EPSS
CVE
CVE
added 2022/05/17 5:15 p.m.358 views

CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

7.8CVSS7.8AI score0.00291EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.357 views

CVE-2019-2532

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co...

4.9CVSS4.8AI score0.00142EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.357 views

CVE-2019-2683

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols ...

4.9CVSS4.8AI score0.00157EPSS
CVE
CVE
added 2019/08/01 5:15 p.m.356 views

CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

7.5CVSS7.3AI score0.00507EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.356 views

CVE-2019-2769

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...

5.3CVSS4.6AI score0.00168EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.356 views

CVE-2019-2894

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS3.4AI score0.00284EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.356 views

CVE-2020-2781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compr...

5.3CVSS5.3AI score0.00174EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.356 views

CVE-2020-2904

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.356 views

CVE-2020-2923

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2018/12/03 6:29 a.m.355 views

CVE-2018-19788

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

9CVSS6.4AI score0.59342EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.355 views

CVE-2018-3139

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mu...

3.1CVSS3.9AI score0.00048EPSS
CVE
CVE
added 2019/11/26 5:15 p.m.355 views

CVE-2019-18677

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be deli...

6.1CVSS7.4AI score0.04138EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.355 views

CVE-2019-2945

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS3.8AI score0.0022EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.355 views

CVE-2020-2660

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.8AI score0.00376EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.355 views

CVE-2020-2759

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful a...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2018/08/01 11:29 p.m.354 views

CVE-2015-9262

_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

9.8CVSS9.2AI score0.02694EPSS
CVE
CVE
added 2016/05/26 4:59 p.m.354 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS8.7AI score0.01771EPSS
CVE
CVE
added 2020/01/15 7:15 p.m.354 views

CVE-2019-15961

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in...

7.5CVSS6.7AI score0.01956EPSS
CVE
CVE
added 2019/11/19 10:15 p.m.354 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR...

3.3CVSS4.8AI score0.00023EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.354 views

CVE-2019-2960

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS4.8AI score0.00514EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.354 views

CVE-2019-2991

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

5.5CVSS5.3AI score0.00523EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.354 views

CVE-2019-3011

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

6.5CVSS6.1AI score0.00905EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.354 views

CVE-2020-14641

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS4.8AI score0.00641EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.354 views

CVE-2020-2898

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

4.9CVSS4.7AI score0.00097EPSS
CVE
CVE
added 2018/03/02 3:29 p.m.353 views

CVE-2018-1058

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

8.8CVSS7.6AI score0.81976EPSS
CVE
CVE
added 2020/07/30 9:15 p.m.353 views

CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

4.3CVSS5.6AI score0.0128EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.353 views

CVE-2020-2773

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS4.2AI score0.00525EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.353 views

CVE-2020-2930

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.4CVSS4.3AI score0.00097EPSS
CVE
CVE
added 2021/06/04 2:15 a.m.353 views

CVE-2021-3489

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (...

7.8CVSS8.1AI score0.00089EPSS
CVE
CVE
added 2008/08/06 6:41 p.m.352 views

CVE-2008-2939

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last direc...

4.3CVSS6.7AI score0.68325EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.352 views

CVE-2017-16995

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.

7.8CVSS7.5AI score0.81517EPSS
CVE
CVE
added 2019/11/26 5:15 p.m.352 views

CVE-2019-18676

An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote clie...

7.5CVSS8.4AI score0.02073EPSS
CVE
CVE
added 2020/05/14 9:15 p.m.352 views

CVE-2020-0093

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Androi...

5CVSS6AI score0.00065EPSS
CVE
CVE
added 2020/04/07 2:15 p.m.352 views

CVE-2020-11608

An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.

4.9CVSS5.5AI score0.0008EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.352 views

CVE-2020-14633

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4CVSS3.4AI score0.00362EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.352 views

CVE-2020-2924

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/02/11 1:15 p.m.351 views

CVE-2018-14553

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

7.5CVSS7.3AI score0.00737EPSS
Total number of security vulnerabilities4105