Canonical Ubuntu Linux

4105 matches found

added 2018/10/17 7:29 p.m. | 271 views

CVE-2018-18445

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

7.8 CVSS | 7.2 AI score | 0.00044 EPSS

added 2019/07/14 9:15 p.m. | 271 views

CVE-2019-13602

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.

7.8 CVSS | 8.9 AI score | 0.00477 EPSS

added 2020/02/04 8:15 p.m. | 271 views

CVE-2020-8517

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexp...

7.5 CVSS | 7.4 AI score | 0.00656 EPSS

added 2007/12/13 6:46 p.m. | 270 views

CVE-2007-5000

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified v...

4.3 CVSS | 8 AI score | 0.88746 EPSS

added 2019/02/05 9:29 p.m. | 270 views

CVE-2018-18500

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, ...

9.8 CVSS | 7.1 AI score | 0.28802 EPSS

added 2018/02/12 7:29 p.m. | 270 views

CVE-2018-6927

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

7.8 CVSS | 7 AI score | 0.00084 EPSS

added 2018/03/20 5:29 p.m. | 270 views

CVE-2018-8822

Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute c...

7.8 CVSS | 7.4 AI score | 0.00058 EPSS

added 2019/10/03 5:15 p.m. | 270 views

CVE-2019-15166

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

7.5 CVSS | 6.8 AI score | 0.00544 EPSS

added 2019/12/22 8:15 p.m. | 270 views

CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, alth...

5.5 CVSS | 6.4 AI score | 0.00144 EPSS

added 2019/02/09 4:29 p.m. | 270 views

CVE-2019-7665

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

5.5 CVSS | 6.9 AI score | 0.00108 EPSS

added 2020/05/26 6:15 p.m. | 270 views

CVE-2020-12392

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulner...

5.5 CVSS | 6.4 AI score | 0.00151 EPSS

added 2020/05/22 6:15 p.m. | 270 views

CVE-2020-13396

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

7.1 CVSS | 6.9 AI score | 0.0042 EPSS

added 2019/07/01 8:15 p.m. | 269 views

CVE-2019-13135

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

8.8 CVSS | 8.4 AI score | 0.01398 EPSS

added 2020/01/08 10:15 p.m. | 269 views

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.5 CVSS | 7.7 AI score | 0.00953 EPSS

added 2020/04/15 2:15 p.m. | 269 views

CVE-2020-2767

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

5.8 CVSS | 4.6 AI score | 0.00502 EPSS

added 2015/03/30 10:59 a.m. | 268 views

CVE-2015-2301

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name o...

7.5 CVSS | 7.9 AI score | 0.08969 EPSS

added 2018/10/31 10:29 p.m. | 268 views

CVE-2016-6328

A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).

8.1 CVSS | 7.8 AI score | 0.01162 EPSS

added 2019/07/11 7:15 p.m. | 268 views

CVE-2019-10193

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past t...

7.2 CVSS | 6.8 AI score | 0.34565 EPSS

added 2019/08/19 10:15 p.m. | 268 views

CVE-2019-15212

An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.

4.9 CVSS | 5.9 AI score | 0.00108 EPSS

added 2019/11/18 6:15 a.m. | 268 views

CVE-2019-19054

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

4.7 CVSS | 6.2 AI score | 0.00076 EPSS

added 2019/01/09 4:29 p.m. | 268 views

CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte len...

7.5 CVSS | 8.1 AI score | 0.11309 EPSS

added 2020/05/26 5:15 p.m. | 268 views

CVE-2020-12395

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

10 CVSS | 9.8 AI score | 0.01231 EPSS

added 2018/03/02 8:29 a.m. | 267 views

CVE-2018-1066

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation res...

7.1 CVSS | 6.3 AI score | 0.02556 EPSS

added 2018/08/17 6:29 p.m. | 267 views

CVE-2018-15471

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or ...

7.8 CVSS | 8.3 AI score | 0.00088 EPSS

added 2018/03/30 9:29 p.m. | 267 views

CVE-2018-7566

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

7.8 CVSS | 6.9 AI score | 0.00082 EPSS

added 2019/03/21 4:1 p.m. | 267 views

CVE-2019-6778

In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

7.8 CVSS | 6.5 AI score | 0.00073 EPSS

added 2018/09/05 6:29 a.m. | 266 views

CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

9.3 CVSS | 7.2 AI score | 0.92401 EPSS

added 2019/05/10 7:29 p.m. | 266 views

CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerabi...

8.1 CVSS | 8.3 AI score | 0.07405 EPSS

added 2019/09/06 10:15 p.m. | 266 views

CVE-2019-9445

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4 CVSS | 4.9 AI score | 0.00241 EPSS

added 2020/04/17 7:15 p.m. | 266 views

CVE-2020-1751

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest thr...

7 CVSS | 7 AI score | 0.00181 EPSS

added 2020/09/09 9:15 p.m. | 266 views

CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

7.5 CVSS | 7.2 AI score | 0.01204 EPSS

added 2020/01/03 1:15 a.m. | 266 views

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

8.8 CVSS | 8.8 AI score | 0.00513 EPSS

added 2018/04/19 2:29 a.m. | 265 views

CVE-2018-2755

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher...

7.7 CVSS | 6.6 AI score | 0.00159 EPSS

added 2019/07/11 8:15 p.m. | 265 views

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https:/...

5.5 CVSS | 5.9 AI score | 0.01041 EPSS

added 2019/10/31 9:15 p.m. | 265 views

CVE-2019-13508

FreeTDS through 1.1.11 has a Buffer Overflow.

9.8 CVSS | 9.2 AI score | 0.0048 EPSS

added 2019/01/29 12:29 a.m. | 265 views

CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-o...

5.5 CVSS | 6.9 AI score | 0.00104 EPSS

added 2020/06/21 5:15 p.m. | 265 views

CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

5.9 CVSS | 5.7 AI score | 0.04646 EPSS

added 2023/07/26 2:15 a.m. | 265 views

CVE-2023-2640

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

7.8 CVSS | 7.5 AI score | 0.92037 EPSS

added 2016/02/15 7:59 p.m. | 264 views

CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

7.5 CVSS | 7.8 AI score | 0.77828 EPSS

added 2018/12/03 5:29 p.m. | 264 views

CVE-2018-19824

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

7.8 CVSS | 6.9 AI score | 0.00063 EPSS

added 2019/08/07 3:15 p.m. | 264 views

CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop ...

7.8 CVSS | 7.6 AI score | 0.01082 EPSS

added 2020/04/15 2:15 p.m. | 264 views

CVE-2020-2778

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.3 CVSS | 3.7 AI score | 0.00426 EPSS

added 2016/02/18 9:59 p.m. | 263 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a...

8.1 CVSS | 8.4 AI score | 0.91802 EPSS

added 2019/06/25 12:15 p.m. | 263 views

CVE-2019-12817

arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.

7 CVSS | 7.4 AI score | 0.00067 EPSS

added 2020/05/15 5:15 p.m. | 263 views

CVE-2020-11524

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

6.6 CVSS | 6.5 AI score | 0.00533 EPSS

added 2020/04/14 11:15 p.m. | 263 views

CVE-2020-11764

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

5.5 CVSS | 5.6 AI score | 0.00493 EPSS

added 2015/04/24 5:59 p.m. | 262 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

7.5 CVSS | 8.2 AI score | 0.03384 EPSS

added 2018/01/09 7:29 p.m. | 262 views

CVE-2017-15129

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and ...

4.9 CVSS | 6.1 AI score | 0.00069 EPSS

added 2018/12/12 5:29 p.m. | 262 views

CVE-2018-20103

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

7.5 CVSS | 7.2 AI score | 0.00089 EPSS

added 2020/06/15 5:15 p.m. | 262 views

CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

5.8 CVSS | 5.2 AI score | 0.00617 EPSS

Total number of security vulnerabilities: 4105