Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2012/11/04 10:55 p.m.434 views

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle at...

5.8CVSS6.8AI score0.00649EPSS
CVE
CVE
added 2019/06/11 5:29 p.m.432 views

CVE-2019-12749

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus...

7.1CVSS6.3AI score0.00041EPSS
CVE
CVE
added 2019/04/25 3:29 p.m.431 views

CVE-2019-3900

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to st...

7.7CVSS8.4AI score0.00112EPSS
CVE
CVE
added 2020/09/13 6:15 p.m.431 views

CVE-2020-25285

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.

6.4CVSS7AI score0.00086EPSS
CVE
CVE
added 2017/08/07 5:29 p.m.430 views

CVE-2011-5325

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

7.5CVSS8.2AI score0.05799EPSS
In wild
CVE
CVE
added 2018/01/18 2:29 a.m.430 views

CVE-2018-2612

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

7.5CVSS6.3AI score0.0027EPSS
CVE
CVE
added 2016/03/09 11:59 p.m.429 views

CVE-2016-1285

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interfa...

6.8CVSS7.2AI score0.67839EPSS
CVE
CVE
added 2018/10/08 3:29 p.m.429 views

CVE-2018-1000805

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

8.8CVSS8.5AI score0.00417EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.429 views

CVE-2018-3183

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network ...

9CVSS8.8AI score0.00289EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.428 views

CVE-2019-2481

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

4.9CVSS4.8AI score0.00113EPSS
CVE
CVE
added 2020/04/21 7:15 p.m.428 views

CVE-2020-11008

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where some credential is leaked (but...

7.5CVSS6.5AI score0.27363EPSS
CVE
CVE
added 2018/04/16 6:29 p.m.427 views

CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). ...

5.9CVSS6.7AI score0.28585EPSS
CVE
CVE
added 2019/06/14 2:29 p.m.427 views

CVE-2019-10126

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

9.8CVSS9.8AI score0.00841EPSS
CVE
CVE
added 2021/03/20 10:15 p.m.427 views

CVE-2020-27171

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information f...

6CVSS6.6AI score0.00192EPSS
CVE
CVE
added 2019/03/22 8:29 a.m.426 views

CVE-2019-9924

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

7.8CVSS7.8AI score0.002EPSS
CVE
CVE
added 2020/09/15 10:15 a.m.426 views

CVE-2020-8927

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli libr...

6.5CVSS6.6AI score0.00388EPSS
CVE
CVE
added 2019/08/19 10:15 p.m.423 views

CVE-2019-15221

An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.

4.9CVSS6AI score0.0015EPSS
CVE
CVE
added 2020/05/24 10:15 p.m.423 views

CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

5.5CVSS6.8AI score0.0005EPSS
CVE
CVE
added 2019/10/01 2:15 p.m.422 views

CVE-2019-17055

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

3.3CVSS6.5AI score0.00091EPSS
CVE
CVE
added 2019/05/29 5:29 p.m.421 views

CVE-2019-12450

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

9.8CVSS6.8AI score0.00802EPSS
CVE
CVE
added 2018/10/03 10:29 p.m.420 views

CVE-2018-17972

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

5.5CVSS6.2AI score0.00054EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.420 views

CVE-2018-3081

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...

5CVSS5.2AI score0.00106EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.419 views

CVE-2018-3133

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mul...

6.5CVSS6.3AI score0.00551EPSS
CVE
CVE
added 2019/11/26 5:15 p.m.419 views

CVE-2019-12523

An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e...

9.1CVSS9.1AI score0.00622EPSS
CVE
CVE
added 2019/10/03 7:15 p.m.419 views

CVE-2019-15165

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

5.3CVSS6.2AI score0.00822EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.419 views

CVE-2020-14556

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple p...

5.8CVSS4.9AI score0.00397EPSS
CVE
CVE
added 2014/10/10 10:55 a.m.418 views

CVE-2014-3581

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

5CVSS6.2AI score0.02942EPSS
CVE
CVE
added 2016/12/09 8:59 p.m.418 views

CVE-2016-9014

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

8.1CVSS8.6AI score0.04886EPSS
CVE
CVE
added 2020/01/21 6:15 a.m.418 views

CVE-2019-20386

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

5.1CVSS5.1AI score0.00169EPSS
CVE
CVE
added 2019/12/23 7:15 p.m.418 views

CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-...

7.4CVSS6.7AI score0.00569EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.418 views

CVE-2019-9640

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

7.5CVSS8.4AI score0.09303EPSS
CVE
CVE
added 2020/05/14 4:15 p.m.417 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tr...

6.3CVSS6.8AI score0.00021EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.416 views

CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that ...

9.8CVSS9.3AI score0.24561EPSS
CVE
CVE
added 2021/06/04 2:15 a.m.416 views

CVE-2021-3490

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix ...

7.8CVSS8.1AI score0.03793EPSS
CVE
CVE
added 2024/01/08 6:15 p.m.416 views

CVE-2022-2586

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

7.8CVSS7.7AI score0.01537EPSS
In wild
CVE
CVE
added 2023/03/22 9:15 p.m.416 views

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate ...

7.8CVSS7.4AI score0.58895EPSS
In wild
CVE
CVE
added 2019/03/21 4:0 p.m.415 views

CVE-2018-20669

An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resultin...

7.8CVSS7.2AI score0.00096EPSS
CVE
CVE
added 2019/09/04 9:15 p.m.415 views

CVE-2019-15926

An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.

9.4CVSS8.6AI score0.03934EPSS
CVE
CVE
added 2020/02/12 3:15 p.m.415 views

CVE-2019-19921

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not...

7CVSS7AI score0.00244EPSS
CVE
CVE
added 2022/01/20 6:15 p.m.415 views

CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

7.8CVSS7.5AI score0.00039EPSS
CVE
CVE
added 2018/09/25 9:29 p.m.414 views

CVE-2018-14634

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerab...

7.8CVSS7.3AI score0.03758EPSS
CVE
CVE
added 2018/08/02 7:29 p.m.414 views

CVE-2018-14851

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

5.5CVSS5.9AI score0.00413EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.414 views

CVE-2019-2534

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...

7.1CVSS6.4AI score0.00246EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.414 views

CVE-2019-9453

In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.5AI score0.00207EPSS
CVE
CVE
added 2016/12/09 8:59 p.m.412 views

CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually s...

9.8CVSS9AI score0.02723EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.412 views

CVE-2018-3156

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00261EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.412 views

CVE-2018-3251

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00341EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.412 views

CVE-2020-2579

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS6.1AI score0.00637EPSS
CVE
CVE
added 2019/09/03 3:15 p.m.411 views

CVE-2019-10197

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories ...

9.1CVSS7.5AI score0.0479EPSS
CVE
CVE
added 2020/01/08 10:15 p.m.411 views

CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox

6.5CVSS6.9AI score0.00596EPSS
Total number of security vulnerabilities4105