Lucene search

K
CanonicalUbuntu Linux16.04

2225 matches found

CVE
CVE
added 2018/01/04 1:29 p.m.1310 views

CVE-2017-5715

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS6.2AI score0.91016EPSS
CVE
CVE
added 2020/04/30 5:15 p.m.1288 views

CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

6.5CVSS7.8AI score0.93939EPSS
CVE
CVE
added 2019/02/22 11:29 p.m.1281 views

CVE-2019-9021

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the fil...

9.8CVSS8.5AI score0.33234EPSS
CVE
CVE
added 2020/07/22 5:15 p.m.1275 views

CVE-2020-6514

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

6.5CVSS7.3AI score0.11514EPSS
CVE
CVE
added 2019/02/22 11:29 p.m.1266 views

CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

7.5CVSS8.3AI score0.16399EPSS
CVE
CVE
added 2024/01/08 6:15 p.m.1238 views

CVE-2022-3328

Race condition in snap-confine's must_mkdir_and_open_with_perms()

7.8CVSS6.6AI score0.0011EPSS
CVE
CVE
added 2020/10/02 3:15 p.m.1197 views

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being...

5.3CVSS6.5AI score0.22886EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.1170 views

CVE-2019-17026

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.

8.8CVSS8.1AI score0.42007EPSS
CVE
CVE
added 2019/12/23 5:15 p.m.1134 views

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this...

7.5CVSS7.7AI score0.04359EPSS
CVE
CVE
added 2020/02/04 3:15 p.m.1120 views

CVE-2019-9674

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

7.5CVSS7.1AI score0.0123EPSS
CVE
CVE
added 2019/02/22 11:29 p.m.1114 views

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regco...

9.8CVSS8.5AI score0.19063EPSS
CVE
CVE
added 2018/03/26 3:29 p.m.1101 views

CVE-2018-1301

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level)...

5.9CVSS7.5AI score0.07833EPSS
CVE
CVE
added 2019/01/30 10:29 p.m.1091 views

CVE-2018-17189

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

5.3CVSS6.1AI score0.04923EPSS
CVE
CVE
added 2018/03/26 3:29 p.m.1084 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

7.5CVSS7.3AI score0.31173EPSS
CVE
CVE
added 2019/03/08 9:29 p.m.1075 views

CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse...

9.8CVSS9.4AI score0.05634EPSS
CVE
CVE
added 2019/06/19 11:15 p.m.1049 views

CVE-2019-12900

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

9.8CVSS9.6AI score0.01127EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.1033 views

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

5.8CVSS6.3AI score0.89383EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.1029 views

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

5.5CVSS6.7AI score0.87335EPSS
CVE
CVE
added 2018/01/04 1:29 p.m.1018 views

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS6.1AI score0.94332EPSS
CVE
CVE
added 2017/09/07 6:29 a.m.1016 views

CVE-2017-14174

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop ove...

7.1CVSS6.2AI score0.00646EPSS
CVE
CVE
added 2016/03/29 10:59 a.m.975 views

CVE-2016-1646

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted ...

9.3CVSS8.7AI score0.69769EPSS
CVE
CVE
added 2017/04/06 9:59 p.m.963 views

CVE-2016-8735

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency wit...

9.8CVSS8AI score0.94003EPSS
CVE
CVE
added 2020/04/01 4:15 a.m.961 views

CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

8.8CVSS8.2AI score0.05019EPSS
CVE
CVE
added 2022/02/21 3:15 p.m.957 views

CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and w...

9CVSS8.9AI score0.28831EPSS
CVE
CVE
added 2020/04/23 3:15 p.m.954 views

CVE-2020-11945

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if...

9.8CVSS9.7AI score0.32932EPSS
CVE
CVE
added 2020/06/15 2:15 p.m.939 views

CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5CVSS6.3AI score0.00533EPSS
CVE
CVE
added 2022/03/04 7:15 p.m.937 views

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

7.5CVSS7.6AI score0.00128EPSS
CVE
CVE
added 2019/03/23 6:29 p.m.927 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

9.1CVSS9.4AI score0.01166EPSS
CVE
CVE
added 2019/01/27 2:29 a.m.913 views

CVE-2019-6977

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to tri...

8.8CVSS8.6AI score0.89145EPSS
CVE
CVE
added 2019/12/23 6:15 p.m.889 views

CVE-2019-12418

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user na...

7CVSS7.2AI score0.00556EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.888 views

CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to a...

7.5CVSS8.3AI score0.12457EPSS
CVE
CVE
added 2020/07/14 3:15 p.m.872 views

CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of se...

7.5CVSS7.5AI score0.92195EPSS
CVE
CVE
added 2019/06/07 6:29 p.m.866 views

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. Wh...

9.8CVSS9.7AI score0.05634EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.855 views

CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

9.8CVSS9.9AI score0.09233EPSS
CVE
CVE
added 2020/05/19 2:15 p.m.833 views

CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

7.5CVSS7.2AI score0.9247EPSS
CVE
CVE
added 2019/07/11 7:15 p.m.829 views

CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends wi...

9.8CVSS9.2AI score0.55249EPSS
CVE
CVE
added 2019/11/20 6:15 p.m.824 views

CVE-2019-3466

The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

7.8CVSS7.4AI score0.00131EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.815 views

CVE-2019-9638

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

7.5CVSS8.3AI score0.17682EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.806 views

CVE-2019-9639

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

7.5CVSS8.3AI score0.18274EPSS
CVE
CVE
added 2020/04/01 4:15 a.m.800 views

CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

6.5CVSS6.8AI score0.03132EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.785 views

CVE-2017-14496

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

7.8CVSS8.1AI score0.15737EPSS
CVE
CVE
added 2020/02/04 8:15 p.m.784 views

CVE-2020-8450

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

7.5CVSS7.5AI score0.39735EPSS
CVE
CVE
added 2019/02/27 11:29 p.m.778 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

5.9CVSS6.3AI score0.04426EPSS
CVE
CVE
added 2020/09/27 4:15 a.m.776 views

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

7.2CVSS7.3AI score0.00471EPSS
CVE
CVE
added 2020/03/12 7:15 p.m.762 views

CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

8.8CVSS8.7AI score0.0064EPSS
CVE
CVE
added 2018/05/16 4:29 p.m.757 views

CVE-2018-8014

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their e...

9.8CVSS8.6AI score0.53868EPSS
CVE
CVE
added 2019/09/20 7:15 p.m.744 views

CVE-2019-14816

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

7.8CVSS9.1AI score0.00289EPSS
CVE
CVE
added 2017/10/03 1:29 a.m.742 views

CVE-2017-14493

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

9.8CVSS9AI score0.05615EPSS
CVE
CVE
added 2019/08/13 9:15 p.m.739 views

CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STR...

7.8CVSS7.9AI score0.10058EPSS
CVE
CVE
added 2018/08/26 4:29 p.m.735 views

CVE-2011-2767

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permittin...

10CVSS9.5AI score0.06221EPSS
Total number of security vulnerabilities2225