Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2019/11/25 5:15 p.m.351 views

CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

7.5CVSS8.5AI score0.00267EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.351 views

CVE-2019-2967

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.1AI score0.00905EPSS
CVE
CVE
added 2020/08/05 2:15 p.m.351 views

CVE-2020-14344

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are s...

6.7CVSS7.2AI score0.00059EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.351 views

CVE-2020-14568

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.9AI score0.00568EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.351 views

CVE-2020-14593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro...

7.4CVSS7.1AI score0.00278EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.351 views

CVE-2020-14643

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

5.5CVSS5.4AI score0.00383EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.351 views

CVE-2020-2896

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2018/07/19 1:29 p.m.350 views

CVE-2017-7481

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templat...

9.8CVSS9.3AI score0.03687EPSS
In wild
CVE
CVE
added 2020/02/04 9:15 p.m.350 views

CVE-2019-12528

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

7.5CVSS7.6AI score0.08871EPSS
CVE
CVE
added 2019/07/24 4:15 a.m.350 views

CVE-2019-14250

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

5.5CVSS6.4AI score0.00147EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.350 views

CVE-2019-2957

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.8AI score0.00442EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.350 views

CVE-2019-3018

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of t...

4.4CVSS4.4AI score0.00534EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.350 views

CVE-2020-2627

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.5CVSS6.2AI score0.00183EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.350 views

CVE-2020-2755

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4.2AI score0.0012EPSS
CVE
CVE
added 2018/01/31 2:29 p.m.349 views

CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

7.8CVSS8.8AI score0.44629EPSS
In wild
CVE
CVE
added 2018/12/17 7:29 a.m.349 views

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

7.2CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.349 views

CVE-2020-14837

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

6.8CVSS5AI score0.00201EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.349 views

CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS4.3AI score0.00287EPSS
CVE
CVE
added 2019/11/14 7:15 p.m.348 views

CVE-2019-0155

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A ...

7.8CVSS8.2AI score0.00125EPSS
CVE
CVE
added 2020/04/15 7:15 p.m.348 views

CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements...

5.9CVSS7.5AI score0.01004EPSS
CVE
CVE
added 2019/08/16 2:15 a.m.348 views

CVE-2019-15099

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

7.8CVSS7.8AI score0.01396EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.348 views

CVE-2019-2993

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serv...

5.3CVSS5.2AI score0.00905EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.348 views

CVE-2019-3004

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.5CVSS6.1AI score0.00905EPSS
CVE
CVE
added 2019/03/05 10:29 p.m.348 views

CVE-2019-9213

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

5.5CVSS6.2AI score0.05251EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.348 views

CVE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

4.3CVSS4.4AI score0.00286EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.348 views

CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.00219EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.348 views

CVE-2020-2897

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/04/09 10:15 p.m.348 views

CVE-2020-8834

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel t...

6.5CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.347 views

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird

8.8CVSS7AI score0.26243EPSS
CVE
CVE
added 2021/03/20 10:15 p.m.347 views

CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affe...

4.7CVSS6AI score0.00147EPSS
CVE
CVE
added 2020/01/29 9:15 p.m.346 views

CVE-2019-20444

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

9.1CVSS9AI score0.02216EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.346 views

CVE-2019-2963

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00514EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.346 views

CVE-2020-14586

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.9AI score0.00562EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.346 views

CVE-2020-14634

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4CVSS3AI score0.005EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.346 views

CVE-2020-14651

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

5.5CVSS5.4AI score0.00383EPSS
CVE
CVE
added 2019/12/24 12:15 a.m.345 views

CVE-2019-19947

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

4.6CVSS5.1AI score0.00112EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.345 views

CVE-2019-2997

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.8AI score0.00358EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.345 views

CVE-2019-3009

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful ...

4.4CVSS4.4AI score0.00514EPSS
CVE
CVE
added 2020/05/19 2:15 p.m.345 views

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.5CVSS7.5AI score0.07701EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.345 views

CVE-2020-14620

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.345 views

CVE-2020-14624

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.345 views

CVE-2020-14702

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.345 views

CVE-2020-2570

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Suc...

5.9CVSS5.5AI score0.00471EPSS
CVE
CVE
added 2020/06/19 5:15 p.m.345 views

CVE-2020-8184

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack

7.5CVSS5.9AI score0.00815EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.344 views

CVE-2018-3155

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL ...

7.7CVSS6.1AI score0.00342EPSS
CVE
CVE
added 2019/09/26 4:15 p.m.344 views

CVE-2019-16869

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

7.5CVSS7.4AI score0.01901EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.344 views

CVE-2020-14680

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.2AI score0.00539EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.344 views

CVE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.1CVSS7.7AI score0.01549EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.344 views

CVE-2020-2762

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00097EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.344 views

CVE-2020-2805

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3CVSS8.2AI score0.011EPSS
Total number of security vulnerabilities4105