Lucene search

K
CanonicalUbuntu Linux12.04

1413 matches found

CVE
CVE
added 2019/06/07 6:29 p.m.866 views

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. Wh...

9.8CVSS9.7AI score0.05634EPSS
CVE
CVE
added 2015/04/01 2:0 a.m.846 views

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic tha...

5CVSS4.8AI score0.4884EPSS
CVE
CVE
added 2020/05/19 2:15 p.m.833 views

CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

7.5CVSS7.2AI score0.9247EPSS
CVE
CVE
added 2019/07/11 7:15 p.m.829 views

CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends wi...

9.8CVSS9.2AI score0.55249EPSS
CVE
CVE
added 2014/04/15 10:55 a.m.828 views

CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

5CVSS5.7AI score0.8475EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.815 views

CVE-2019-9638

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

7.5CVSS8.3AI score0.17682EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.806 views

CVE-2019-9639

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

7.5CVSS8.3AI score0.19933EPSS
CVE
CVE
added 2020/04/01 4:15 a.m.800 views

CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

6.5CVSS6.8AI score0.03132EPSS
CVE
CVE
added 2020/09/27 4:15 a.m.776 views

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

7.2CVSS7.3AI score0.00471EPSS
CVE
CVE
added 2020/03/12 7:15 p.m.762 views

CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

8.8CVSS8.7AI score0.0064EPSS
CVE
CVE
added 2018/08/26 4:29 p.m.735 views

CVE-2011-2767

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permittin...

10CVSS9.5AI score0.06221EPSS
CVE
CVE
added 2013/03/15 9:55 p.m.729 views

CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

5.9CVSS5.7AI score0.93028EPSS
CVE
CVE
added 2018/05/22 12:29 p.m.724 views

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...

5.5CVSS5.9AI score0.46737EPSS
CVE
CVE
added 2019/08/09 8:15 p.m.713 views

CVE-2019-11042

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to informatio...

7.1CVSS7.2AI score0.0329EPSS
CVE
CVE
added 2019/06/19 12:15 a.m.712 views

CVE-2019-11477

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182...

7.8CVSS7.5AI score0.76442EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.706 views

CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to...

7.5CVSS7.6AI score0.69522EPSS
CVE
CVE
added 2019/08/09 8:15 p.m.694 views

CVE-2019-11041

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to informatio...

7.1CVSS7.2AI score0.02817EPSS
CVE
CVE
added 2014/12/15 6:59 p.m.673 views

CVE-2014-3583

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

5CVSS8AI score0.19785EPSS
CVE
CVE
added 2019/12/23 3:15 a.m.666 views

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure...

6.5CVSS7AI score0.03174EPSS
CVE
CVE
added 2016/05/05 1:59 a.m.664 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exi...

5.9CVSS6.9AI score0.82039EPSS
CVE
CVE
added 2015/03/08 2:59 a.m.659 views

CVE-2015-0228

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

5CVSS8.8AI score0.14678EPSS
CVE
CVE
added 2016/04/21 11:0 a.m.658 views

CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

10CVSS6.8AI score0.93626EPSS
CVE
CVE
added 2018/09/06 9:29 p.m.636 views

CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation hav...

7.8CVSS7.7AI score0.01732EPSS
CVE
CVE
added 2020/08/21 9:15 p.m.632 views

CVE-2020-8622

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated respons...

6.5CVSS7.2AI score0.00345EPSS
CVE
CVE
added 2019/09/06 6:15 p.m.617 views

CVE-2019-16056

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers ...

7.5CVSS6.7AI score0.00829EPSS
CVE
CVE
added 2019/12/23 3:15 a.m.616 views

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

5.9CVSS7AI score0.49924EPSS
CVE
CVE
added 2019/12/23 3:15 a.m.610 views

CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure...

6.5CVSS7.1AI score0.02611EPSS
CVE
CVE
added 2019/10/17 6:15 p.m.592 views

CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo...

9CVSS8.7AI score0.84563EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.577 views

CVE-2017-14491

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

9.8CVSS9.1AI score0.52378EPSS
CVE
CVE
added 2019/10/21 5:15 a.m.576 views

CVE-2019-18218

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

7.8CVSS8AI score0.00216EPSS
CVE
CVE
added 2020/01/21 11:15 p.m.576 views

CVE-2020-7595

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

7.5CVSS7.6AI score0.00482EPSS
CVE
CVE
added 2018/09/25 12:29 a.m.568 views

CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming la...

7.5CVSS7.5AI score0.01615EPSS
CVE
CVE
added 2018/04/29 9:29 p.m.558 views

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensit...

4.7CVSS5.5AI score0.00073EPSS
CVE
CVE
added 2019/06/19 12:15 a.m.558 views

CVE-2019-11478

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...

7.5CVSS6.4AI score0.27962EPSS
CVE
CVE
added 2019/09/09 5:15 p.m.557 views

CVE-2019-16168

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

6.5CVSS7AI score0.00944EPSS
CVE
CVE
added 2019/02/22 11:29 p.m.554 views

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parse...

7.5CVSS8.3AI score0.07129EPSS
CVE
CVE
added 2019/09/17 4:15 p.m.552 views

CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migratio...

7.8CVSS8.3AI score0.00025EPSS
CVE
CVE
added 2020/02/27 9:15 p.m.551 views

CVE-2020-7062

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that doe...

7.5CVSS8.4AI score0.01155EPSS
CVE
CVE
added 2019/05/03 8:29 p.m.548 views

CVE-2019-11036

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

9.1CVSS7AI score0.01451EPSS
CVE
CVE
added 2018/03/13 4:29 p.m.544 views

CVE-2018-1050

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

4.3CVSS6.2AI score0.2411EPSS
CVE
CVE
added 2018/04/29 9:29 p.m.536 views

CVE-2018-10547

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomple...

6.1CVSS7.2AI score0.89192EPSS
CVE
CVE
added 2018/04/06 1:29 p.m.527 views

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE...

7.8CVSS7.8AI score0.43395EPSS
CVE
CVE
added 2014/05/07 10:55 a.m.526 views

CVE-2014-0196

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition in...

6.9CVSS6.3AI score0.5836EPSS
CVE
CVE
added 2019/07/26 1:15 p.m.525 views

CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. Af...

7.5CVSS7.4AI score0.04369EPSS
CVE
CVE
added 2020/05/09 6:15 p.m.518 views

CVE-2020-12762

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

7.8CVSS8AI score0.0017EPSS
CVE
CVE
added 2019/07/26 1:15 p.m.507 views

CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization...

4.9CVSS5.9AI score0.00844EPSS
CVE
CVE
added 2016/03/09 11:59 p.m.502 views

CVE-2016-1286

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

8.6CVSS8.2AI score0.71553EPSS
CVE
CVE
added 2018/01/03 6:29 a.m.500 views

CVE-2017-18017

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in a...

10CVSS9.5AI score0.38093EPSS
CVE
CVE
added 2018/12/07 9:29 p.m.499 views

CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8CVSS9.6AI score0.12153EPSS
CVE
CVE
added 2019/02/15 3:29 p.m.498 views

CVE-2019-6974

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

8.1CVSS7.7AI score0.08376EPSS
Total number of security vulnerabilities1413