Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2019/11/18 6:15 a.m.290 views

CVE-2019-19074

A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.

7.8CVSS7.8AI score0.00574EPSS
CVE
CVE
added 2019/07/11 7:15 p.m.289 views

CVE-2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up...

7.2CVSS6.8AI score0.16771EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.289 views

CVE-2020-6794

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master passwo...

6.5CVSS6.8AI score0.00326EPSS
CVE
CVE
added 2014/03/24 4:40 p.m.288 views

CVE-2014-2523

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet...

10CVSS7.2AI score0.03555EPSS
CVE
CVE
added 2016/02/17 3:59 p.m.288 views

CVE-2016-0766

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

9CVSS8.6AI score0.00971EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.288 views

CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, ...

9.8CVSS7.1AI score0.28802EPSS
CVE
CVE
added 2019/08/19 10:15 p.m.288 views

CVE-2019-15218

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

4.9CVSS6.1AI score0.00099EPSS
CVE
CVE
added 2020/01/08 4:15 p.m.288 views

CVE-2019-5188

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

7.5CVSS6.9AI score0.00041EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.288 views

CVE-2020-6792

When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird

4.3CVSS5.6AI score0.00779EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.287 views

CVE-2017-14495

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

7.5CVSS8.2AI score0.60149EPSS
CVE
CVE
added 2018/10/30 6:29 p.m.287 views

CVE-2018-18281

Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical...

7.8CVSS6.1AI score0.00403EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.287 views

CVE-2018-3063

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS5AI score0.00131EPSS
CVE
CVE
added 2020/05/26 6:15 p.m.287 views

CVE-2020-12392

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulner...

5.5CVSS6.4AI score0.00151EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.286 views

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.5CVSS7.7AI score0.00953EPSS
CVE
CVE
added 2020/03/02 11:15 p.m.286 views

CVE-2020-10018

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.

9.8CVSS9.6AI score0.02562EPSS
CVE
CVE
added 2023/07/26 2:15 a.m.286 views

CVE-2023-2640

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

7.8CVSS7.5AI score0.92037EPSS
CVE
CVE
added 2018/03/14 6:29 p.m.285 views

CVE-2018-1000120

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

9.8CVSS7.5AI score0.01385EPSS
CVE
CVE
added 2018/07/02 12:29 p.m.285 views

CVE-2018-13053

The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.

3.3CVSS6.6AI score0.00063EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.285 views

CVE-2019-13753

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.02219EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.285 views

CVE-2019-19058

A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.

4.7CVSS6.2AI score0.001EPSS
CVE
CVE
added 2020/05/26 5:15 p.m.285 views

CVE-2020-12395

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

10CVSS9.8AI score0.01231EPSS
CVE
CVE
added 2020/04/24 1:15 p.m.284 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conc...

6.1CVSS6.1AI score0.00494EPSS
CVE
CVE
added 2020/09/15 2:15 p.m.284 views

CVE-2020-14345

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.7AI score0.00062EPSS
CVE
CVE
added 2018/06/11 10:29 a.m.283 views

CVE-2018-10360

The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

6.5CVSS5.4AI score0.01819EPSS
CVE
CVE
added 2018/07/25 1:29 p.m.283 views

CVE-2018-10880

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

7.1CVSS5.9AI score0.0153EPSS
CVE
CVE
added 2018/04/17 8:29 p.m.283 views

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

9.8CVSS7.1AI score0.01877EPSS
CVE
CVE
added 2018/03/20 5:29 p.m.283 views

CVE-2018-8822

Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute c...

7.8CVSS7.4AI score0.00058EPSS
CVE
CVE
added 2020/06/15 5:15 a.m.283 views

CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

5.9CVSS5.6AI score0.01112EPSS
CVE
CVE
added 2008/05/05 4:20 p.m.282 views

CVE-2008-2079

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory...

4.6CVSS7.4AI score0.00513EPSS
CVE
CVE
added 2018/07/26 7:29 p.m.282 views

CVE-2015-9261

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.

5.5CVSS6.9AI score0.00257EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.282 views

CVE-2019-19066

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.

4.7CVSS6.4AI score0.00085EPSS
CVE
CVE
added 2020/05/21 5:15 p.m.282 views

CVE-2020-13113

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.

8.2CVSS8.5AI score0.0074EPSS
CVE
CVE
added 2020/06/24 12:15 p.m.282 views

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

4.3CVSS5.6AI score0.01089EPSS
CVE
CVE
added 2016/04/25 12:59 a.m.281 views

CVE-2016-2115

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

5.9CVSS6.6AI score0.23265EPSS
In wild
CVE
CVE
added 2019/03/21 4:1 p.m.281 views

CVE-2019-6116

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

7.8CVSS8.1AI score0.64616EPSS
CVE
CVE
added 2018/06/07 1:29 p.m.279 views

CVE-2018-12015

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

7.5CVSS7.6AI score0.07707EPSS
CVE
CVE
added 2020/07/31 10:15 p.m.279 views

CVE-2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

6CVSS7AI score0.00033EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.279 views

CVE-2020-6806

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox...

8.8CVSS9AI score0.05209EPSS
CVE
CVE
added 2019/07/03 7:15 p.m.278 views

CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

8.8CVSS8.7AI score0.02289EPSS
CVE
CVE
added 2018/07/26 6:29 p.m.277 views

CVE-2018-10878

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.

7.8CVSS7.4AI score0.00058EPSS
CVE
CVE
added 2018/12/03 5:29 p.m.277 views

CVE-2018-19824

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

7.8CVSS6.9AI score0.00062EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.277 views

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and F...

8.8CVSS8.7AI score0.01659EPSS
CVE
CVE
added 2019/12/03 4:15 p.m.277 views

CVE-2019-19524

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

4.9CVSS6.6AI score0.00075EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.277 views

CVE-2020-6812

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that ren...

5.3CVSS6.6AI score0.00618EPSS
CVE
CVE
added 2017/12/20 11:29 p.m.276 views

CVE-2017-17805

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or h...

7.8CVSS7.5AI score0.00109EPSS
CVE
CVE
added 2018/10/31 6:29 p.m.276 views

CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

9.8CVSS9.3AI score0.00335EPSS
CVE
CVE
added 2019/07/03 2:15 p.m.276 views

CVE-2019-13164

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

7.8CVSS7.3AI score0.00021EPSS
CVE
CVE
added 2020/09/02 5:15 p.m.276 views

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the b...

6.5CVSS6.8AI score0.00118EPSS
CVE
CVE
added 2017/11/15 9:29 p.m.275 views

CVE-2017-15115

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted sys...

7.8CVSS7.7AI score0.00056EPSS
CVE
CVE
added 2018/01/09 7:29 p.m.275 views

CVE-2017-15129

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and ...

4.9CVSS6.1AI score0.00069EPSS
Total number of security vulnerabilities4105