Lucene search

K
CanonicalUbuntu Linux16.04

2225 matches found

CVE
CVE
added 2019/07/16 5:15 p.m.433 views

CVE-2019-13616

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

8.1CVSS8.5AI score0.04196EPSS
CVE
CVE
added 2019/08/23 6:15 a.m.433 views

CVE-2019-15505

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

10CVSS9AI score0.00518EPSS
CVE
CVE
added 2018/12/12 10:29 a.m.432 views

CVE-2018-18397

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/u...

5.5CVSS5.8AI score0.0007EPSS
CVE
CVE
added 2018/08/21 7:29 p.m.431 views

CVE-2018-10902

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possi...

7.8CVSS6.3AI score0.00079EPSS
CVE
CVE
added 2020/04/14 11:15 p.m.431 views

CVE-2020-5260

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Sp...

9.3CVSS7.2AI score0.27363EPSS
CVE
CVE
added 2023/07/24 4:15 p.m.431 views

CVE-2023-3567

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

7.1CVSS7AI score0.00008EPSS
CVE
CVE
added 2019/12/24 4:15 p.m.430 views

CVE-2019-19956

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

7.5CVSS7.5AI score0.00212EPSS
CVE
CVE
added 2020/08/24 1:15 p.m.430 views

CVE-2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects...

7.3CVSS7.2AI score0.00031EPSS
CVE
CVE
added 2018/06/19 12:29 p.m.428 views

CVE-2018-1061

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

7.5CVSS7.4AI score0.01399EPSS
CVE
CVE
added 2019/04/18 5:29 p.m.426 views

CVE-2019-11035

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.

9.1CVSS7AI score0.03587EPSS
CVE
CVE
added 2022/03/03 11:15 p.m.426 views

CVE-2021-3640

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. ...

7CVSS7.1AI score0.00005EPSS
CVE
CVE
added 2018/01/18 2:29 a.m.424 views

CVE-2018-2612

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

7.5CVSS6.3AI score0.00227EPSS
CVE
CVE
added 2018/10/08 3:29 p.m.423 views

CVE-2018-1000805

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

8.8CVSS8.5AI score0.00361EPSS
CVE
CVE
added 2020/03/04 3:15 p.m.423 views

CVE-2020-10029

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee7...

5.5CVSS6.4AI score0.00044EPSS
CVE
CVE
added 2020/04/21 7:15 p.m.423 views

CVE-2020-11008

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where some credential is leaked (but...

7.5CVSS6.5AI score0.27363EPSS
CVE
CVE
added 2019/06/11 5:29 p.m.420 views

CVE-2019-12749

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus...

7.1CVSS6.3AI score0.00037EPSS
CVE
CVE
added 2019/04/25 3:29 p.m.418 views

CVE-2019-3900

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to st...

7.7CVSS8.4AI score0.00118EPSS
CVE
CVE
added 2020/09/15 10:15 a.m.418 views

CVE-2020-8927

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli libr...

6.5CVSS6.6AI score0.00399EPSS
CVE
CVE
added 2016/12/09 8:59 p.m.416 views

CVE-2016-9014

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

8.1CVSS8.6AI score0.04886EPSS
CVE
CVE
added 2018/04/16 6:29 p.m.416 views

CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). ...

5.9CVSS6.7AI score0.31116EPSS
CVE
CVE
added 2020/05/24 10:15 p.m.416 views

CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

5.5CVSS6.8AI score0.00062EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.415 views

CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8CVSS9.6AI score0.10111EPSS
CVE
CVE
added 2019/10/03 7:15 p.m.415 views

CVE-2019-15165

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

5.3CVSS6.2AI score0.01322EPSS
CVE
CVE
added 2020/08/19 3:15 p.m.414 views

CVE-2020-14356

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

7.8CVSS7.2AI score0.01012EPSS
CVE
CVE
added 2019/06/14 2:29 p.m.413 views

CVE-2019-10126

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

9.8CVSS9.8AI score0.00873EPSS
CVE
CVE
added 2018/10/17 12:29 p.m.412 views

CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

9.1CVSS8.5AI score0.79855EPSS
CVE
CVE
added 2019/08/19 10:15 p.m.412 views

CVE-2019-15221

An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.

4.9CVSS6AI score0.00157EPSS
CVE
CVE
added 2019/03/22 8:29 a.m.412 views

CVE-2019-9924

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

7.8CVSS7.8AI score0.002EPSS
CVE
CVE
added 2018/02/13 7:29 p.m.411 views

CVE-2018-6951

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

7.5CVSS7.1AI score0.23554EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.411 views

CVE-2019-9453

In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.5AI score0.00207EPSS
CVE
CVE
added 2016/12/09 8:59 p.m.410 views

CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually s...

9.8CVSS9AI score0.02723EPSS
CVE
CVE
added 2018/10/03 10:29 p.m.410 views

CVE-2018-17972

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.

5.5CVSS6.2AI score0.00055EPSS
CVE
CVE
added 2019/05/29 5:29 p.m.410 views

CVE-2019-12450

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

9.8CVSS6.8AI score0.00917EPSS
CVE
CVE
added 2019/11/26 5:15 p.m.410 views

CVE-2019-12523

An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e...

9.1CVSS9.1AI score0.00728EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.408 views

CVE-2018-3183

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network ...

9CVSS8.8AI score0.00226EPSS
CVE
CVE
added 2019/09/04 9:15 p.m.408 views

CVE-2019-15926

An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.

9.4CVSS8.6AI score0.02919EPSS
CVE
CVE
added 2019/10/01 2:15 p.m.408 views

CVE-2019-17055

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

3.3CVSS6.5AI score0.00079EPSS
CVE
CVE
added 2020/04/09 3:15 a.m.408 views

CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

7.5CVSS7.9AI score0.08565EPSS
CVE
CVE
added 2022/01/20 6:15 p.m.408 views

CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

7.8CVSS7.5AI score0.00039EPSS
CVE
CVE
added 2020/01/21 6:15 a.m.407 views

CVE-2019-20386

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

5.1CVSS5.1AI score0.00082EPSS
CVE
CVE
added 2020/01/21 6:15 p.m.406 views

CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authenti...

6.5CVSS6.5AI score0.05927EPSS
CVE
CVE
added 2019/02/06 8:29 p.m.405 views

CVE-2019-3822

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that ...

9.8CVSS9.3AI score0.34384EPSS
CVE
CVE
added 2019/12/23 7:15 p.m.404 views

CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-...

7.4CVSS6.7AI score0.00676EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.404 views

CVE-2019-6454

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message t...

5.5CVSS5.5AI score0.00154EPSS
CVE
CVE
added 2019/03/09 12:29 a.m.403 views

CVE-2019-9640

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

7.5CVSS8.4AI score0.1466EPSS
CVE
CVE
added 2021/03/20 10:15 p.m.403 views

CVE-2020-27171

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information f...

6CVSS6.6AI score0.00162EPSS
CVE
CVE
added 2020/08/20 1:17 a.m.402 views

CVE-2020-15862

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

7.8CVSS7.9AI score0.00059EPSS
CVE
CVE
added 2020/09/13 6:15 p.m.402 views

CVE-2020-25285

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.

6.4CVSS7AI score0.00084EPSS
CVE
CVE
added 2018/08/02 7:29 p.m.401 views

CVE-2018-14851

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

5.5CVSS5.9AI score0.00677EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.399 views

CVE-2018-3060

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

6.5CVSS6.3AI score0.00126EPSS
Total number of security vulnerabilities2225