Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2018/07/19 1:29 p.m.348 views

CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templat...

9.8CVSS9.3AI score0.03687EPSS
In wild
CVE
CVE
added 2018/01/31 2:29 p.m.348 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

7.8CVSS8.8AI score0.44629EPSS
In wild
CVE
CVE
added 2018/05/16 5:29 p.m.348 views

CVE-2018-11212

An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

6.5CVSS6.2AI score0.00501EPSS
CVE
CVE
added 2020/02/04 9:15 p.m.348 views

CVE-2019-12528

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

7.5CVSS7.6AI score0.08871EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.348 views

CVE-2020-14540

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS4.9AI score0.00448EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.347 views

CVE-2012-3163

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

9CVSS4.2AI score0.01024EPSS
CVE
CVE
added 2020/04/15 7:15 p.m.347 views

CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements...

5.9CVSS7.5AI score0.01004EPSS
CVE
CVE
added 2019/04/24 4:29 p.m.347 views

CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion...

5.5CVSS6.3AI score0.0008EPSS
CVE
CVE
added 2019/03/05 10:29 p.m.347 views

CVE-2019-9213

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

5.5CVSS6.2AI score0.05858EPSS
Web
CVE
CVE
added 2020/04/15 2:15 p.m.347 views

CVE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS4.9AI score0.00397EPSS
CVE
CVE
added 2021/03/23 6:15 p.m.347 views

CVE-2021-3444

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel me...

7.8CVSS7.5AI score0.00087EPSS
CVE
CVE
added 2018/12/17 7:29 a.m.346 views

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

7.2CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.346 views

CVE-2020-14663

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.5AI score0.00922EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.346 views

CVE-2020-2763

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4.9CVSS4.8AI score0.00461EPSS
CVE
CVE
added 2020/04/09 10:15 p.m.346 views

CVE-2020-8834

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel t...

6.5CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2022/05/17 5:15 p.m.346 views

CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

7.8CVSS7.8AI score0.00291EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.345 views

CVE-2019-2434

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL ...

6.5CVSS6.1AI score0.0026EPSS
CVE
CVE
added 2019/11/25 5:15 p.m.344 views

CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

7.5CVSS8.5AI score0.00267EPSS
CVE
CVE
added 2019/12/24 12:15 a.m.344 views

CVE-2019-19947

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

4.6CVSS5.1AI score0.00112EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.344 views

CVE-2019-2420

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My...

4.9CVSS4.8AI score0.00147EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.344 views

CVE-2020-14583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

8.3CVSS8.2AI score0.00967EPSS
CVE
CVE
added 2020/02/07 9:15 p.m.344 views

CVE-2020-1700

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pil...

6.8CVSS6.1AI score0.00402EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.343 views

CVE-2019-2973

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

4.3CVSS4AI score0.00262EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.343 views

CVE-2020-14576

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ...

6.5CVSS6.2AI score0.00759EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.343 views

CVE-2020-14678

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.6AI score0.00906EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.343 views

CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Succ...

4.3CVSS4.5AI score0.00158EPSS
CVE
CVE
added 2019/11/14 7:15 p.m.342 views

CVE-2019-0155

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A ...

7.8CVSS8.2AI score0.00113EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.342 views

CVE-2019-2697

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of ...

8.1CVSS7.5AI score0.11976EPSS
Web
CVE
CVE
added 2020/07/15 6:15 p.m.342 views

CVE-2020-14559

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple proto...

4.3CVSS3.7AI score0.00423EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.342 views

CVE-2020-2754

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4.2AI score0.00158EPSS
CVE
CVE
added 2020/02/04 8:15 p.m.342 views

CVE-2020-8449

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

7.5CVSS7.4AI score0.02024EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.341 views

CVE-2018-1000026

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass...

7.7CVSS7.3AI score0.00865EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.341 views

CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.0043EPSS
CVE
CVE
added 2020/02/02 2:15 p.m.341 views

CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

6.5CVSS6.3AI score0.00871EPSS
CVE
CVE
added 2020/05/19 2:15 p.m.341 views

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.5CVSS7.5AI score0.07701EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.341 views

CVE-2020-14547

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.9AI score0.00488EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.341 views

CVE-2020-14553

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MyS...

4.3CVSS4.1AI score0.00462EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.341 views

CVE-2020-2588

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.9AI score0.00376EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.341 views

CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.00219EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.341 views

CVE-2020-6800

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cann...

8.8CVSS9.2AI score0.01008EPSS
CVE
CVE
added 2020/06/19 5:15 p.m.341 views

CVE-2020-8184

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack

7.5CVSS5.9AI score0.00844EPSS
CVE
CVE
added 2017/03/28 1:59 a.m.340 views

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1...

7.8CVSS7.5AI score0.00086EPSS
CVE
CVE
added 2018/08/01 2:29 p.m.340 views

CVE-2018-10916

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resul...

7.8CVSS6.2AI score0.00755EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.340 views

CVE-2019-19067

Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third ...

4.9CVSS6.1AI score0.0009EPSS
CVE
CVE
added 2020/01/29 9:15 p.m.340 views

CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

9.1CVSS9AI score0.02402EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.340 views

CVE-2019-2914

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

6.5CVSS6.1AI score0.00779EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.340 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

8.8CVSS8.5AI score0.04153EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.339 views

CVE-2017-16995

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.

7.8CVSS7.5AI score0.82624EPSS
CVE
CVE
added 2018/09/19 9:29 a.m.339 views

CVE-2018-17182

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operation...

7.8CVSS6.5AI score0.02818EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.339 views

CVE-2019-2532

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co...

4.9CVSS4.8AI score0.00142EPSS
Total number of security vulnerabilities4105