Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2020/04/15 2:15 p.m.344 views

CVE-2020-2903

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/02/04 8:15 p.m.344 views

CVE-2020-8449

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

7.5CVSS7.4AI score0.01652EPSS
CVE
CVE
added 2009/06/08 1:0 a.m.343 views

CVE-2009-1955

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number ...

7.5CVSS6.9AI score0.03518EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.343 views

CVE-2017-13080

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

5.3CVSS6.9AI score0.01473EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.343 views

CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.01311EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.343 views

CVE-2019-19067

Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third ...

4.9CVSS6.1AI score0.0009EPSS
CVE
CVE
added 2020/02/02 2:15 p.m.343 views

CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

6.5CVSS6.3AI score0.00871EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.343 views

CVE-2020-14614

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00568EPSS
CVE
CVE
added 2020/08/11 4:15 p.m.343 views

CVE-2020-16092

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_r...

3.8CVSS5AI score0.00047EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.342 views

CVE-2018-1000026

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass...

7.7CVSS7.3AI score0.00865EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.342 views

CVE-2019-7222

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

5.5CVSS6.4AI score0.00044EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.342 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

8.8CVSS8.5AI score0.04153EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.342 views

CVE-2020-14632

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2018/08/01 2:29 p.m.341 views

CVE-2018-10916

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resul...

7.8CVSS6.2AI score0.00755EPSS
CVE
CVE
added 2018/09/19 9:29 a.m.341 views

CVE-2018-17182

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operation...

7.8CVSS6.5AI score0.03179EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.341 views

CVE-2018-18506

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is ...

5.9CVSS6.9AI score0.01285EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.341 views

CVE-2019-2581

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My...

4.9CVSS4.8AI score0.002EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.341 views

CVE-2019-2968

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00514EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.341 views

CVE-2019-2982

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00514EPSS
CVE
CVE
added 2020/07/15 10:15 p.m.341 views

CVE-2020-15780

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

7.2CVSS6.6AI score0.00776EPSS
CVE
CVE
added 2022/08/29 3:15 p.m.341 views

CVE-2022-1184

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

5.5CVSS6.2AI score0.00029EPSS
CVE
CVE
added 2017/03/28 1:59 a.m.340 views

CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1...

7.8CVSS7.5AI score0.00086EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.340 views

CVE-2020-14631

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.340 views

CVE-2020-2694

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

3.5CVSS3.1AI score0.00592EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.340 views

CVE-2020-2895

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.339 views

CVE-2018-3169

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

8.3CVSS8.6AI score0.00163EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.339 views

CVE-2019-2774

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My...

4.9CVSS4.8AI score0.00754EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.339 views

CVE-2020-14579

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.3AI score0.0011EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.339 views

CVE-2020-14654

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.339 views

CVE-2020-2925

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.338 views

CVE-2019-2978

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3CVSS4AI score0.00187EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.338 views

CVE-2019-2998

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00514EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.338 views

CVE-2020-14597

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00562EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.338 views

CVE-2020-14623

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2015/11/18 4:59 p.m.337 views

CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

2.6CVSS6.6AI score0.01051EPSS
CVE
CVE
added 2017/10/17 2:29 a.m.337 views

CVE-2017-13077

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

6.8CVSS7.3AI score0.01057EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.337 views

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS8.6AI score0.00087EPSS
Web
CVE
CVE
added 2020/03/06 8:15 p.m.337 views

CVE-2019-20503

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

6.5CVSS8.1AI score0.01335EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.337 views

CVE-2019-2966

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.1AI score0.0063EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.337 views

CVE-2020-2893

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/02/05 6:15 p.m.337 views

CVE-2020-3123

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users t...

7.5CVSS7.2AI score0.04894EPSS
CVE
CVE
added 2018/12/04 4:29 p.m.336 views

CVE-2018-19854

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CV...

4.7CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.336 views

CVE-2019-11740

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabilit...

8.8CVSS9.4AI score0.00861EPSS
CVE
CVE
added 2019/08/16 2:15 a.m.336 views

CVE-2019-15098

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

4.9CVSS6.2AI score0.00166EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.336 views

CVE-2019-2969

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Ser...

6.2CVSS5.8AI score0.00893EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.336 views

CVE-2019-2999

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS4.9AI score0.02008EPSS
CVE
CVE
added 2019/08/16 4:15 p.m.336 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vu...

9.8CVSS9.4AI score0.01307EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.336 views

CVE-2020-14619

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.5CVSS6.2AI score0.00729EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.336 views

CVE-2020-14656

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.336 views

CVE-2020-2892

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00431EPSS
Total number of security vulnerabilities4105