Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2020/01/15 5:15 p.m.331 views

CVE-2020-2627

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.5CVSS6.2AI score0.00183EPSS
CVE
CVE
added 2021/03/20 10:15 p.m.331 views

CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affe...

4.7CVSS6AI score0.00147EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.331 views

CVE-2020-2755

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4.2AI score0.00152EPSS
CVE
CVE
added 2015/11/18 4:59 p.m.330 views

CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

2.6CVSS6.6AI score0.01051EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.330 views

CVE-2017-13080

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

5.3CVSS6.9AI score0.01473EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.330 views

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird

8.8CVSS7AI score0.26243EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.330 views

CVE-2019-2957

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.8AI score0.00442EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.330 views

CVE-2019-3018

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of t...

4.4CVSS4.4AI score0.00534EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.330 views

CVE-2020-14837

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

6.8CVSS5AI score0.00201EPSS
CVE
CVE
added 2018/06/20 1:29 p.m.329 views

CVE-2018-1120

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call ...

5.3CVSS6.3AI score0.00986EPSS
Web
CVE
CVE
added 2019/10/16 6:15 p.m.329 views

CVE-2019-2993

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Serv...

5.3CVSS5.2AI score0.00905EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.329 views

CVE-2019-7222

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

5.5CVSS6.4AI score0.00044EPSS
CVE
CVE
added 2020/05/22 7:15 p.m.329 views

CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird

4.3CVSS6AI score0.00184EPSS
CVE
CVE
added 2020/01/03 1:15 a.m.329 views

CVE-2020-5312

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

9.8CVSS9.4AI score0.0229EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.328 views

CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that po...

6.5CVSS6.3AI score0.17655EPSS
CVE
CVE
added 2018/06/21 8:29 p.m.328 views

CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

5.6CVSS6AI score0.01319EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.328 views

CVE-2019-3004

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.5CVSS6.1AI score0.00905EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.328 views

CVE-2020-2583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS4.3AI score0.00287EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.328 views

CVE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerb...

4.3CVSS4.4AI score0.00286EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.328 views

CVE-2020-2897

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/08/21 9:15 p.m.328 views

CVE-2020-8620

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

7.5CVSS7.3AI score0.0682EPSS
CVE
CVE
added 2018/08/09 9:29 p.m.327 views

CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memo...

8.1CVSS7.7AI score0.00452EPSS
CVE
CVE
added 2019/01/11 7:29 p.m.327 views

CVE-2018-16866

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

4.3CVSS5.3AI score0.0011EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.327 views

CVE-2019-19056

A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.

4.7CVSS6.4AI score0.00089EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.327 views

CVE-2019-2963

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00514EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.327 views

CVE-2020-14586

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.9AI score0.00562EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.327 views

CVE-2020-14634

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4CVSS3AI score0.005EPSS
CVE
CVE
added 2020/07/15 10:15 p.m.327 views

CVE-2020-15780

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

7.2CVSS6.6AI score0.00776EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.327 views

CVE-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.00219EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.326 views

CVE-2017-12762

In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.

10CVSS8.6AI score0.00967EPSS
CVE
CVE
added 2019/04/09 3:29 a.m.326 views

CVE-2019-0816

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.

5.1CVSS4.9AI score0.001EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.326 views

CVE-2019-13304

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.

7.8CVSS8.2AI score0.00195EPSS
CVE
CVE
added 2019/10/10 6:15 p.m.326 views

CVE-2019-17455

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

9.8CVSS9.2AI score0.03934EPSS
CVE
CVE
added 2019/11/27 11:15 p.m.326 views

CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

4.7CVSS6.5AI score0.00043EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.326 views

CVE-2019-19052

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.

7.8CVSS7.5AI score0.01686EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.326 views

CVE-2019-2997

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.8AI score0.00358EPSS
CVE
CVE
added 2019/04/11 4:29 p.m.326 views

CVE-2019-3459

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

6.5CVSS6.8AI score0.00188EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.326 views

CVE-2020-14624

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.326 views

CVE-2020-14651

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

5.5CVSS5.4AI score0.00383EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.326 views

CVE-2020-14702

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.326 views

CVE-2020-2570

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Suc...

5.9CVSS5.5AI score0.00471EPSS
CVE
CVE
added 2018/09/18 5:29 p.m.325 views

CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary fil...

9.8CVSS9.8AI score0.23977EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.325 views

CVE-2018-3155

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL ...

7.7CVSS6.1AI score0.00342EPSS
CVE
CVE
added 2019/07/15 2:15 a.m.325 views

CVE-2019-1010006

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_rend...

7.8CVSS7.7AI score0.0063EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.325 views

CVE-2019-3009

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful ...

4.4CVSS4.4AI score0.00514EPSS
CVE
CVE
added 2019/02/26 2:29 a.m.325 views

CVE-2019-9169

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

9.8CVSS9.3AI score0.09522EPSS
CVE
CVE
added 2019/08/15 10:15 p.m.325 views

CVE-2019-9852

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice insta...

7.8CVSS8.9AI score0.92577EPSS
CVE
CVE
added 2020/05/27 3:15 p.m.325 views

CVE-2020-13631

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

5.5CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.325 views

CVE-2020-14620

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.325 views

CVE-2020-14680

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.2AI score0.00539EPSS
Total number of security vulnerabilities4105