Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2019/01/29 12:29 a.m.267 views

CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-o...

5.5CVSS6.9AI score0.00104EPSS
CVE
CVE
added 2019/07/11 8:15 p.m.266 views

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https:/...

5.5CVSS5.9AI score0.01041EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.266 views

CVE-2019-11759

An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR

8.8CVSS8.5AI score0.03345EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.266 views

CVE-2019-9445

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.9AI score0.00241EPSS
CVE
CVE
added 2020/06/21 5:15 p.m.266 views

CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

5.9CVSS5.7AI score0.04646EPSS
CVE
CVE
added 2020/04/17 7:15 p.m.266 views

CVE-2020-1751

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest thr...

7CVSS7AI score0.00236EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.266 views

CVE-2020-2778

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.3CVSS3.7AI score0.00426EPSS
CVE
CVE
added 2015/04/24 5:59 p.m.265 views

CVE-2015-3414

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrate...

7.5CVSS8.2AI score0.03384EPSS
CVE
CVE
added 2019/08/13 2:15 p.m.265 views

CVE-2017-18509

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...

7.8CVSS7.7AI score0.00172EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.265 views

CVE-2019-11762

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR

6.1CVSS6.7AI score0.00405EPSS
CVE
CVE
added 2019/10/31 9:15 p.m.265 views

CVE-2019-13508

FreeTDS through 1.1.11 has a Buffer Overflow.

9.8CVSS9.2AI score0.0048EPSS
CVE
CVE
added 2019/08/07 3:15 p.m.265 views

CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop ...

7.8CVSS7.6AI score0.01082EPSS
CVE
CVE
added 2020/05/15 5:15 p.m.265 views

CVE-2020-11524

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

6.6CVSS6.5AI score0.00533EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.265 views

CVE-2020-6805

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR

8.8CVSS9AI score0.01513EPSS
CVE
CVE
added 2016/02/18 9:59 p.m.264 views

CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a...

8.1CVSS8.4AI score0.93421EPSS
CVE
CVE
added 2019/06/25 12:15 p.m.264 views

CVE-2019-12817

arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.

7CVSS7.4AI score0.00067EPSS
CVE
CVE
added 2020/06/02 2:15 p.m.264 views

CVE-2020-13754

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

6.7CVSS6.2AI score0.00031EPSS
CVE
CVE
added 2016/01/09 2:59 a.m.263 views

CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof se...

5.9CVSS6.1AI score0.02005EPSS
CVE
CVE
added 2018/12/12 5:29 p.m.263 views

CVE-2018-20103

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.

7.5CVSS7.2AI score0.00089EPSS
CVE
CVE
added 2020/01/08 8:15 p.m.263 views

CVE-2019-11761

By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Th...

5.8CVSS6.4AI score0.00473EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.263 views

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript ...

7.8CVSS7.7AI score0.64616EPSS
CVE
CVE
added 2020/04/14 11:15 p.m.263 views

CVE-2020-11764

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

5.5CVSS5.6AI score0.00493EPSS
CVE
CVE
added 2020/06/15 5:15 p.m.263 views

CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

5.8CVSS5.2AI score0.00617EPSS
CVE
CVE
added 2020/09/15 7:15 p.m.263 views

CVE-2020-14362

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.9AI score0.00103EPSS
CVE
CVE
added 2020/06/17 10:15 p.m.263 views

CVE-2020-8618

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

4.9CVSS5.2AI score0.01089EPSS
CVE
CVE
added 2023/07/26 2:15 a.m.263 views

CVE-2023-32629

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels

7.8CVSS7.8AI score0.62699EPSS
CVE
CVE
added 2018/07/26 7:29 p.m.262 views

CVE-2017-18344

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applic...

5.5CVSS6.1AI score0.09371EPSS
CVE
CVE
added 2018/02/08 5:29 p.m.262 views

CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are han...

3.6CVSS6.4AI score0.01611EPSS
CVE
CVE
added 2018/10/25 8:29 p.m.262 views

CVE-2018-14665

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root p...

7.2CVSS7AI score0.03795EPSS
Web
CVE
CVE
added 2019/01/03 3:29 p.m.262 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

5.3CVSS5AI score0.01032EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.262 views

CVE-2019-13308

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.

8.8CVSS8.6AI score0.00966EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.262 views

CVE-2019-17010

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.5CVSS7.7AI score0.00953EPSS
CVE
CVE
added 2020/04/13 7:15 p.m.262 views

CVE-2020-11736

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

3.9CVSS4AI score0.00062EPSS
CVE
CVE
added 2020/08/10 6:15 p.m.262 views

CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects F...

9.3CVSS9.2AI score0.0078EPSS
CVE
CVE
added 2017/11/06 5:29 p.m.261 views

CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

7.8CVSS7.1AI score0.00058EPSS
CVE
CVE
added 2016/02/25 1:59 a.m.261 views

CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged ...

8.8CVSS8.1AI score0.0787EPSS
CVE
CVE
added 2016/04/12 11:59 p.m.261 views

CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stre...

7.5CVSS7.2AI score0.78649EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.261 views

CVE-2017-13078

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

5.3CVSS6.7AI score0.01113EPSS
CVE
CVE
added 2018/03/14 6:29 p.m.261 views

CVE-2018-1000122

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

9.1CVSS7.6AI score0.01477EPSS
CVE
CVE
added 2018/12/02 10:29 a.m.261 views

CVE-2018-19787

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3...

6.1CVSS6.1AI score0.08192EPSS
Web
CVE
CVE
added 2020/01/08 10:15 p.m.261 views

CVE-2019-17016

When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox

6.1CVSS6.8AI score0.01834EPSS
CVE
CVE
added 2019/01/25 6:29 p.m.261 views

CVE-2019-3819

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and...

4.9CVSS5.1AI score0.00011EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.261 views

CVE-2019-3823

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call ...

7.5CVSS8.5AI score0.01581EPSS
CVE
CVE
added 2020/06/01 2:15 p.m.261 views

CVE-2020-12867

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.

5.5CVSS5.4AI score0.00113EPSS
CVE
CVE
added 2018/02/16 9:29 p.m.260 views

CVE-2018-1049

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denia...

5.9CVSS5.5AI score0.00764EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.260 views

CVE-2018-2668

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.8CVSS6.3AI score0.00344EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.260 views

CVE-2018-2767

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multi...

3.5CVSS3.6AI score0.00383EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.260 views

CVE-2018-2813

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

4.3CVSS4.2AI score0.00269EPSS
CVE
CVE
added 2020/01/17 2:15 a.m.260 views

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

9.8CVSS9.8AI score0.1468EPSS
CVE
CVE
added 2019/10/14 2:15 a.m.260 views

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

9.1CVSS9AI score0.00344EPSS
Total number of security vulnerabilities4105