Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2020/03/25 10:15 p.m.262 views

CVE-2020-6806

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox...

8.8CVSS9AI score0.05209EPSS
CVE
CVE
added 2017/11/06 5:29 p.m.261 views

CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

7.8CVSS7.1AI score0.00058EPSS
CVE
CVE
added 2019/09/09 5:15 p.m.261 views

CVE-2019-16163

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.

7.5CVSS8.4AI score0.00244EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.261 views

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript ...

7.8CVSS7.7AI score0.51412EPSS
CVE
CVE
added 2020/09/15 7:15 p.m.261 views

CVE-2020-14362

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.9AI score0.00103EPSS
CVE
CVE
added 2019/08/13 2:15 p.m.260 views

CVE-2017-18509

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...

7.8CVSS7.7AI score0.00172EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.260 views

CVE-2019-13308

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.

8.8CVSS8.6AI score0.00966EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.260 views

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and F...

8.8CVSS8.7AI score0.01659EPSS
CVE
CVE
added 2019/01/25 6:29 p.m.260 views

CVE-2019-3819

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and...

4.9CVSS5.1AI score0.00035EPSS
CVE
CVE
added 2020/04/13 7:15 p.m.260 views

CVE-2020-11736

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

3.9CVSS4AI score0.00062EPSS
CVE
CVE
added 2020/06/01 2:15 p.m.260 views

CVE-2020-12867

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.

5.5CVSS5.4AI score0.00113EPSS
CVE
CVE
added 2020/06/02 2:15 p.m.260 views

CVE-2020-13754

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

6.7CVSS6.2AI score0.00031EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.260 views

CVE-2020-6812

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that ren...

5.3CVSS6.6AI score0.00618EPSS
CVE
CVE
added 2020/06/17 10:15 p.m.260 views

CVE-2020-8618

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

4.9CVSS5.2AI score0.01089EPSS
CVE
CVE
added 2021/04/17 5:15 a.m.260 views

CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ke...

8.8CVSS7.7AI score0.24126EPSS
CVE
CVE
added 2017/10/17 1:29 p.m.259 views

CVE-2017-13078

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

5.3CVSS6.7AI score0.01113EPSS
CVE
CVE
added 2018/07/26 7:29 p.m.259 views

CVE-2017-18344

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applic...

5.5CVSS6.1AI score0.10404EPSS
Web
CVE
CVE
added 2018/02/08 5:29 p.m.259 views

CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are han...

3.6CVSS6.4AI score0.01203EPSS
CVE
CVE
added 2018/02/16 9:29 p.m.259 views

CVE-2018-1049

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denia...

5.9CVSS5.5AI score0.00764EPSS
CVE
CVE
added 2019/01/03 3:29 p.m.259 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

5.3CVSS5AI score0.01032EPSS
CVE
CVE
added 2020/01/17 2:15 a.m.259 views

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

9.8CVSS9.8AI score0.1468EPSS
CVE
CVE
added 2019/10/14 2:15 a.m.259 views

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

9.1CVSS9AI score0.00344EPSS
CVE
CVE
added 2016/04/12 11:59 p.m.258 views

CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stre...

7.5CVSS7.2AI score0.78649EPSS
CVE
CVE
added 2018/03/14 6:29 p.m.258 views

CVE-2018-1000122

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

9.1CVSS7.6AI score0.02072EPSS
CVE
CVE
added 2018/10/25 8:29 p.m.258 views

CVE-2018-14665

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root p...

7.2CVSS7AI score0.07312EPSS
CVE
CVE
added 2018/10/07 6:29 a.m.258 views

CVE-2018-18021

arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker...

7.1CVSS5.8AI score0.0009EPSS
CVE
CVE
added 2018/12/02 10:29 a.m.258 views

CVE-2018-19787

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3...

6.1CVSS6.1AI score0.08192EPSS
Web
CVE
CVE
added 2019/05/29 5:29 p.m.258 views

CVE-2019-12447

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

7.3CVSS7AI score0.00558EPSS
CVE
CVE
added 2019/10/03 7:15 p.m.258 views

CVE-2019-16866

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

7.5CVSS7.2AI score0.01248EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.258 views

CVE-2019-3823

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call ...

7.5CVSS8.5AI score0.01581EPSS
CVE
CVE
added 2020/05/15 5:15 p.m.258 views

CVE-2020-11523

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.

6.6CVSS6.5AI score0.01244EPSS
CVE
CVE
added 2020/07/09 3:15 p.m.258 views

CVE-2020-12406

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

9.3CVSS8.3AI score0.00342EPSS
CVE
CVE
added 2017/08/10 4:29 p.m.257 views

CVE-2016-5018

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

9.1CVSS8.3AI score0.00907EPSS
Web
CVE
CVE
added 2018/07/18 1:29 p.m.257 views

CVE-2018-2767

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multi...

3.5CVSS3.6AI score0.00383EPSS
CVE
CVE
added 2019/05/29 5:29 p.m.257 views

CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

5.7CVSS6AI score0.00558EPSS
CVE
CVE
added 2019/11/21 11:15 p.m.257 views

CVE-2019-19221

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

5.5CVSS5.4AI score0.00069EPSS
CVE
CVE
added 2020/04/29 1:15 p.m.257 views

CVE-2020-11884

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

7CVSS6.6AI score0.0011EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.256 views

CVE-2018-18501

Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

9.8CVSS8AI score0.02592EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.256 views

CVE-2018-2813

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

4.3CVSS4.2AI score0.00269EPSS
CVE
CVE
added 2020/06/26 3:15 p.m.256 views

CVE-2020-10753

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the C...

6.5CVSS6.5AI score0.00316EPSS
CVE
CVE
added 2020/04/02 3:15 p.m.256 views

CVE-2020-11100

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

8.8CVSS8.7AI score0.01612EPSS
CVE
CVE
added 2020/05/15 5:15 p.m.256 views

CVE-2020-11526

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.

3.5CVSS5.1AI score0.00212EPSS
CVE
CVE
added 2020/05/28 3:15 p.m.256 views

CVE-2020-13362

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

3.2CVSS4.7AI score0.00103EPSS
CVE
CVE
added 2020/09/15 7:15 p.m.256 views

CVE-2020-14361

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.9AI score0.00103EPSS
CVE
CVE
added 2022/09/21 8:15 a.m.256 views

CVE-2022-41222

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

7CVSS6.7AI score0.00014EPSS
CVE
CVE
added 2013/08/18 2:52 a.m.255 views

CVE-2013-4248

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL se...

4.3CVSS6.1AI score0.04993EPSS
CVE
CVE
added 2019/01/03 4:29 p.m.255 views

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' ...

8.8CVSS8.1AI score0.00111EPSS
CVE
CVE
added 2018/04/17 8:29 p.m.255 views

CVE-2018-6913

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

9.8CVSS8AI score0.05812EPSS
CVE
CVE
added 2020/05/15 5:15 p.m.255 views

CVE-2020-11522

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.

6.5CVSS6.6AI score0.00912EPSS
CVE
CVE
added 2020/05/15 5:15 p.m.255 views

CVE-2020-11525

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.

3.5CVSS5.1AI score0.01935EPSS
Total number of security vulnerabilities4105