Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2020/06/09 1:15 p.m.480 views

CVE-2020-10757

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

7.8CVSS7.5AI score0.00569EPSS
CVE
CVE
added 2020/09/15 8:15 p.m.480 views

CVE-2020-14314

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system a...

5.5CVSS5.9AI score0.00012EPSS
CVE
CVE
added 2022/03/03 11:15 p.m.480 views

CVE-2021-3640

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. ...

7CVSS7.1AI score0.00005EPSS
CVE
CVE
added 2019/06/24 5:15 p.m.478 views

CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

7.8CVSS7.5AI score0.05817EPSS
CVE
CVE
added 2019/01/11 2:29 p.m.478 views

CVE-2019-6133

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

6.7CVSS6.2AI score0.00014EPSS
CVE
CVE
added 2018/02/13 7:29 p.m.477 views

CVE-2018-6951

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

7.5CVSS7.1AI score0.13407EPSS
CVE
CVE
added 2021/03/07 5:15 a.m.477 views

CVE-2021-27364

An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.

7.1CVSS7AI score0.00041EPSS
CVE
CVE
added 2018/04/29 9:29 p.m.476 views

CVE-2018-10548

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

7.5CVSS6.2AI score0.54396EPSS
CVE
CVE
added 2019/08/14 5:15 p.m.476 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary cipher...

8.1CVSS8.4AI score0.03146EPSS
CVE
CVE
added 2019/04/23 10:29 p.m.472 views

CVE-2019-11487

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/h...

7.8CVSS8AI score0.00059EPSS
CVE
CVE
added 2019/07/10 2:15 p.m.471 views

CVE-2019-13224

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8CVSS9.9AI score0.00634EPSS
CVE
CVE
added 2019/06/27 5:15 p.m.471 views

CVE-2019-5827

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.03704EPSS
CVE
CVE
added 2020/04/09 3:15 a.m.471 views

CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

7.5CVSS7.9AI score0.02825EPSS
CVE
CVE
added 2019/05/07 2:29 p.m.470 views

CVE-2018-20836

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

9.3CVSS7.5AI score0.0199EPSS
CVE
CVE
added 2018/03/01 7:29 p.m.470 views

CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.

9.8CVSS8AI score0.75773EPSS
CVE
CVE
added 2015/02/24 1:59 a.m.468 views

CVE-2015-0240

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets th...

10CVSS8.3AI score0.92168EPSS
CVE
CVE
added 2018/05/08 6:29 p.m.468 views

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated...

7.8CVSS6.8AI score0.2321EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.466 views

CVE-2018-3060

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

6.5CVSS6.3AI score0.00136EPSS
CVE
CVE
added 2019/05/07 2:29 p.m.466 views

CVE-2019-11810

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

7.8CVSS7.2AI score0.01703EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.466 views

CVE-2019-7221

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

7.8CVSS7.5AI score0.00062EPSS
CVE
CVE
added 2020/08/24 6:15 p.m.465 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestH...

8.6CVSS7.3AI score0.0417EPSS
CVE
CVE
added 2020/05/01 7:15 p.m.464 views

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

9.8CVSS9.2AI score0.02443EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.462 views

CVE-2018-9568

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509...

7.8CVSS7.9AI score0.00468EPSS
CVE
CVE
added 2019/04/18 5:29 p.m.462 views

CVE-2019-11034

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

9.1CVSS7AI score0.01858EPSS
CVE
CVE
added 2019/07/15 3:15 p.m.461 views

CVE-2019-1010305

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f08413...

5.5CVSS5.5AI score0.00465EPSS
CVE
CVE
added 2020/08/21 9:15 p.m.461 views

CVE-2020-8623

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be ...

7.5CVSS7.6AI score0.02727EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.459 views

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

8.8CVSS9.5AI score0.06254EPSS
CVE
CVE
added 2017/11/27 10:29 p.m.459 views

CVE-2017-15275

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

7.5CVSS8.4AI score0.44715EPSS
CVE
CVE
added 2018/08/06 8:29 p.m.457 views

CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

7.8CVSS7.5AI score0.06594EPSS
CVE
CVE
added 2019/09/12 8:15 p.m.457 views

CVE-2019-16275

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a cra...

6.5CVSS6.3AI score0.00635EPSS
CVE
CVE
added 2019/05/23 8:29 p.m.457 views

CVE-2019-5798

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.5CVSS6.6AI score0.00715EPSS
CVE
CVE
added 2008/05/13 5:20 p.m.455 views

CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

7.8CVSS6.3AI score0.04113EPSS
CVE
CVE
added 2012/11/04 10:55 p.m.455 views

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle at...

5.8CVSS6.8AI score0.00649EPSS
CVE
CVE
added 2019/12/10 11:15 p.m.455 views

CVE-2019-14870

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authen...

6.4CVSS5.7AI score0.02491EPSS
CVE
CVE
added 2018/10/29 12:29 p.m.453 views

CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

9.8CVSS9.2AI score0.00553EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.452 views

CVE-2018-3183

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network ...

9CVSS8.8AI score0.00221EPSS
CVE
CVE
added 2020/04/28 7:15 p.m.452 views

CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

7.5CVSS7.4AI score0.05015EPSS
CVE
CVE
added 2020/09/15 10:15 p.m.452 views

CVE-2020-14385

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is rem...

5.5CVSS5.8AI score0.00038EPSS
CVE
CVE
added 2019/12/24 4:15 p.m.449 views

CVE-2019-19956

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

7.5CVSS7.5AI score0.00155EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.448 views

CVE-2019-2481

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS4.8AI score0.00113EPSS
CVE
CVE
added 2018/11/16 6:29 p.m.447 views

CVE-2018-16395

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one char...

9.8CVSS7.2AI score0.05305EPSS
CVE
CVE
added 2020/08/24 1:15 p.m.447 views

CVE-2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects...

7.3CVSS7.2AI score0.00032EPSS
CVE
CVE
added 2020/09/13 6:15 p.m.447 views

CVE-2020-25285

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.

6.4CVSS7AI score0.00086EPSS
CVE
CVE
added 2019/04/18 5:29 p.m.446 views

CVE-2019-11035

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.

9.1CVSS7AI score0.02016EPSS
CVE
CVE
added 2020/04/14 11:15 p.m.445 views

CVE-2020-5260

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Sp...

9.3CVSS7.2AI score0.27363EPSS
Web
CVE
CVE
added 2018/06/19 12:29 p.m.443 views

CVE-2018-1061

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

7.5CVSS7.4AI score0.01098EPSS
CVE
CVE
added 2018/08/21 7:29 p.m.443 views

CVE-2018-10902

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possi...

7.8CVSS6.3AI score0.00083EPSS
CVE
CVE
added 2018/12/12 10:29 a.m.443 views

CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/u...

5.5CVSS5.8AI score0.0007EPSS
CVE
CVE
added 2021/03/20 10:15 p.m.443 views

CVE-2020-27171

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information f...

6CVSS6.6AI score0.00192EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.441 views

CVE-2018-3081

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...

5CVSS5.2AI score0.0012EPSS
Total number of security vulnerabilities4105