Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2018/04/03 10:29 p.m.317 views

CVE-2018-8780

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.

9.1CVSS7.1AI score0.01144EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.317 views

CVE-2019-2969

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Ser...

6.2CVSS5.8AI score0.00893EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.317 views

CVE-2019-2978

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3CVSS4AI score0.00187EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.317 views

CVE-2020-14656

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.317 views

CVE-2020-2892

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00431EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.317 views

CVE-2020-2893

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00448EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.317 views

CVE-2020-6811

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execu...

8.8CVSS9.1AI score0.01497EPSS
CVE
CVE
added 2014/03/11 1:1 p.m.316 views

CVE-2014-0101

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system cra...

7.8CVSS5.9AI score0.03091EPSS
CVE
CVE
added 2018/01/24 10:29 p.m.316 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned...

9.8CVSS8AI score0.06767EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.316 views

CVE-2018-2562

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

7.5CVSS6.7AI score0.00399EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.316 views

CVE-2019-19065

A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability beca...

4.7CVSS4.3AI score0.00057EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.316 views

CVE-2019-2757

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My...

4.9CVSS4.8AI score0.00754EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.316 views

CVE-2019-2999

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS4.9AI score0.02008EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.316 views

CVE-2019-3003

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00419EPSS
CVE
CVE
added 2019/08/15 10:15 p.m.316 views

CVE-2019-9851

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, ...

9.8CVSS9.1AI score0.85073EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.316 views

CVE-2020-14619

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.5CVSS6.2AI score0.00729EPSS
CVE
CVE
added 2016/01/31 6:59 p.m.315 views

CVE-2016-1947

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

4.7CVSS6.6AI score0.00597EPSS
CVE
CVE
added 2018/04/23 7:29 p.m.315 views

CVE-2018-8781

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2019/11/14 7:15 p.m.315 views

CVE-2019-0154

Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A an...

5.5CVSS6.7AI score0.0008EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.315 views

CVE-2019-2964

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multi...

4.3CVSS3.9AI score0.00256EPSS
CVE
CVE
added 2019/08/17 6:15 p.m.314 views

CVE-2019-15133

In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.

6.5CVSS6.4AI score0.00151EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.314 views

CVE-2019-19075

A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

7.8CVSS7.5AI score0.00845EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.314 views

CVE-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.3AI score0.00113EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.314 views

CVE-2020-2901

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00461EPSS
CVE
CVE
added 2020/02/14 5:15 a.m.314 views

CVE-2020-8992

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

5.5CVSS5.5AI score0.00068EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.313 views

CVE-2016-1583

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

7.8CVSS7.4AI score0.00297EPSS
CVE
CVE
added 2019/01/09 4:29 p.m.313 views

CVE-2018-20679

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option()...

7.5CVSS7.9AI score0.11309EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.313 views

CVE-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

4.3CVSS4.3AI score0.00166EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.312 views

CVE-2019-13295

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.

8.8CVSS8.5AI score0.00355EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.312 views

CVE-2019-2988

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00241EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.312 views

CVE-2020-14575

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.9AI score0.00562EPSS
CVE
CVE
added 2018/08/22 2:29 p.m.311 views

CVE-2018-1139

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

8.1CVSS7.6AI score0.02128EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.311 views

CVE-2018-3278

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c...

4.9CVSS5AI score0.00159EPSS
CVE
CVE
added 2019/09/13 1:15 p.m.311 views

CVE-2019-15031

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers...

4.4CVSS5.8AI score0.00083EPSS
CVE
CVE
added 2020/04/07 5:15 p.m.311 views

CVE-2020-11609

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.

4.9CVSS5.2AI score0.0007EPSS
CVE
CVE
added 2020/04/17 1:15 p.m.311 views

CVE-2020-11793

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

8.8CVSS9AI score0.0079EPSS
CVE
CVE
added 2020/06/09 5:15 a.m.311 views

CVE-2020-13974

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.

7.8CVSS7.3AI score0.00077EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.310 views

CVE-2017-14494

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

5.9CVSS7.3AI score0.15405EPSS
Web
CVE
CVE
added 2017/05/01 1:59 a.m.310 views

CVE-2017-6519

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information...

9.1CVSS8.8AI score0.01232EPSS
CVE
CVE
added 2018/05/23 2:29 p.m.310 views

CVE-2018-1122

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

7.3CVSS7.4AI score0.00324EPSS
CVE
CVE
added 2018/10/31 7:29 p.m.310 views

CVE-2018-16842

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

9.1CVSS8.5AI score0.00126EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.310 views

CVE-2018-3144

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr...

5.9CVSS5.5AI score0.00601EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.310 views

CVE-2019-13301

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.

6.5CVSS7.1AI score0.00181EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.310 views

CVE-2019-13311

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.

6.5CVSS7.1AI score0.00175EPSS
CVE
CVE
added 2020/01/08 5:15 p.m.310 views

CVE-2019-20367

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

9.1CVSS8.9AI score0.02365EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.310 views

CVE-2019-2948

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.8AI score0.00419EPSS
CVE
CVE
added 2018/11/28 2:29 p.m.309 views

CVE-2018-16851

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size ...

6.5CVSS6.3AI score0.12309EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.309 views

CVE-2019-13306

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.

7.8CVSS8.1AI score0.00149EPSS
CVE
CVE
added 2020/08/05 2:15 p.m.309 views

CVE-2020-14347

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

5.5CVSS6.3AI score0.0002EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.308 views

CVE-2019-13305

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.

7.8CVSS8.2AI score0.00195EPSS
Total number of security vulnerabilities4105