Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2019/04/23 7:32 p.m.339 views

CVE-2019-2683

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols ...

4.9CVSS4.8AI score0.00157EPSS
CVE
CVE
added 2020/08/11 4:15 p.m.339 views

CVE-2020-16092

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_r...

3.8CVSS5AI score0.00047EPSS
CVE
CVE
added 2020/07/30 9:15 p.m.339 views

CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

4.3CVSS5.6AI score0.0128EPSS
CVE
CVE
added 2009/06/08 1:0 a.m.338 views

CVE-2009-1955

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number ...

7.5CVSS6.9AI score0.03518EPSS
Web
CVE
CVE
added 2020/04/07 2:15 p.m.338 views

CVE-2020-11608

An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.

4.9CVSS5.5AI score0.00044EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.338 views

CVE-2020-2686

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.2AI score0.00488EPSS
CVE
CVE
added 2021/06/04 2:15 a.m.338 views

CVE-2021-3489

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (...

7.8CVSS8.1AI score0.00089EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.337 views

CVE-2020-2904

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/02/05 6:15 p.m.337 views

CVE-2020-3123

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users t...

7.5CVSS7.2AI score0.04894EPSS
CVE
CVE
added 2016/05/26 4:59 p.m.336 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS8.7AI score0.01771EPSS
CVE
CVE
added 2019/09/26 4:15 p.m.336 views

CVE-2019-16869

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

7.5CVSS7.4AI score0.01901EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.336 views

CVE-2019-2769

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...

5.3CVSS4.6AI score0.00168EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.336 views

CVE-2019-2894

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS3.4AI score0.00284EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.336 views

CVE-2020-2660

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.8AI score0.00376EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.336 views

CVE-2020-2781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compr...

5.3CVSS5.3AI score0.00174EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.336 views

CVE-2020-2923

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2018/09/23 9:29 p.m.335 views

CVE-2018-17407

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.

7.8CVSS7.8AI score0.01357EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.335 views

CVE-2018-3139

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mu...

3.1CVSS3.9AI score0.00058EPSS
CVE
CVE
added 2019/08/16 2:15 a.m.335 views

CVE-2019-15099

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

7.8CVSS7.8AI score0.01396EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.335 views

CVE-2019-2945

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS3.8AI score0.0022EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.335 views

CVE-2019-2960

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS4.8AI score0.00514EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.335 views

CVE-2019-2991

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

5.5CVSS5.3AI score0.00523EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.335 views

CVE-2020-14641

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS4.8AI score0.00641EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.335 views

CVE-2020-2759

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful a...

4.9CVSS4.8AI score0.00461EPSS
CVE
CVE
added 2014/07/29 2:55 p.m.334 views

CVE-2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

5CVSS7.1AI score0.01618EPSS
CVE
CVE
added 2017/10/17 2:29 a.m.334 views

CVE-2017-13077

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

6.8CVSS7.3AI score0.01057EPSS
CVE
CVE
added 2018/12/04 4:29 p.m.334 views

CVE-2018-19854

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CV...

4.7CVSS5.2AI score0.00091EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.334 views

CVE-2019-3011

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

6.5CVSS6.1AI score0.00905EPSS
CVE
CVE
added 2018/07/17 5:29 p.m.333 views

CVE-2018-14355

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.

5.3CVSS6.9AI score0.00602EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.333 views

CVE-2019-13750

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

6.5CVSS6.3AI score0.00159EPSS
CVE
CVE
added 2019/11/26 5:15 p.m.333 views

CVE-2019-18678

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlle...

5.3CVSS6.8AI score0.02338EPSS
CVE
CVE
added 2019/08/16 4:15 p.m.333 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vu...

9.8CVSS9.4AI score0.01307EPSS
CVE
CVE
added 2019/02/08 11:29 a.m.333 views

CVE-2019-7638

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

8.8CVSS8.7AI score0.0338EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.333 views

CVE-2020-14633

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4CVSS3.4AI score0.00362EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.333 views

CVE-2020-2773

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS4.2AI score0.00525EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.333 views

CVE-2020-2898

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

4.9CVSS4.7AI score0.00097EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.333 views

CVE-2020-2924

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00461EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.333 views

CVE-2020-2930

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.4CVSS4.3AI score0.00097EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.332 views

CVE-2019-13297

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.

8.8CVSS8.5AI score0.00355EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.332 views

CVE-2020-2896

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2022/08/29 3:15 p.m.332 views

CVE-2022-1184

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

5.5CVSS6.2AI score0.00021EPSS
CVE
CVE
added 2018/06/26 2:29 p.m.331 views

CVE-2018-1000204

Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599a...

6.3CVSS6AI score0.00114EPSS
Web
CVE
CVE
added 2019/08/19 10:15 p.m.331 views

CVE-2019-15214

An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.

6.9CVSS7.1AI score0.00102EPSS
CVE
CVE
added 2019/11/07 6:15 a.m.331 views

CVE-2019-18804

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

7.5CVSS7.2AI score0.02507EPSS
CVE
CVE
added 2019/11/07 4:15 p.m.331 views

CVE-2019-18809

A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.

4.9CVSS6AI score0.00091EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.331 views

CVE-2019-2967

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.1AI score0.00905EPSS
CVE
CVE
added 2019/03/25 7:29 p.m.331 views

CVE-2019-3874

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

6.5CVSS6.7AI score0.00047EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.331 views

CVE-2020-14568

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.9AI score0.00568EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.331 views

CVE-2020-14593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro...

7.4CVSS7.1AI score0.00286EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.331 views

CVE-2020-14643

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

5.5CVSS5.4AI score0.00383EPSS
Total number of security vulnerabilities4105