Lucene search

K
CanonicalUbuntu Linux18.04

1817 matches found

CVE
CVE
added 2019/09/25 3:15 p.m.377 views

CVE-2019-13627

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

6.3CVSS6.3AI score0.00037EPSS
CVE
CVE
added 2020/05/18 6:15 p.m.376 views

CVE-2020-13143

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

6.5CVSS6.5AI score0.01742EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.375 views

CVE-2018-3081

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...

5CVSS5.2AI score0.00102EPSS
CVE
CVE
added 2020/02/12 3:15 p.m.375 views

CVE-2019-19921

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not...

7CVSS7AI score0.00244EPSS
CVE
CVE
added 2019/08/16 12:15 a.m.374 views

CVE-2019-15090

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.

6.7CVSS7.1AI score0.00094EPSS
CVE
CVE
added 2019/11/26 5:15 p.m.374 views

CVE-2019-18679

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information red...

7.5CVSS8.5AI score0.68491EPSS
CVE
CVE
added 2020/07/06 6:15 p.m.374 views

CVE-2020-14303

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

7.5CVSS7.2AI score0.1872EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.372 views

CVE-2018-3133

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mul...

6.5CVSS6.3AI score0.00399EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.371 views

CVE-2019-2422

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co...

3.1CVSS2.4AI score0.00128EPSS
CVE
CVE
added 2020/05/09 9:15 p.m.371 views

CVE-2020-12767

exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.

5.5CVSS6.6AI score0.00156EPSS
CVE
CVE
added 2018/05/30 4:29 a.m.370 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because sub...

7.8CVSS8.1AI score0.5487EPSS
CVE
CVE
added 2019/11/30 1:15 a.m.370 views

CVE-2019-19462

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.

5.5CVSS5.5AI score0.00101EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.370 views

CVE-2019-2534

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...

7.1CVSS6.4AI score0.00278EPSS
CVE
CVE
added 2019/05/15 1:29 p.m.369 views

CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

5.5CVSS6.4AI score0.00017EPSS
CVE
CVE
added 2020/03/12 9:15 p.m.369 views

CVE-2020-0556

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access

7.1CVSS6.8AI score0.00172EPSS
CVE
CVE
added 2020/09/09 2:15 p.m.369 views

CVE-2020-1968

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted com...

4.3CVSS4.1AI score0.0072EPSS
CVE
CVE
added 2024/01/08 6:15 p.m.369 views

CVE-2022-2586

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

7.8CVSS7.7AI score0.01511EPSS
CVE
CVE
added 2019/05/08 2:29 p.m.368 views

CVE-2019-11815

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

9.3CVSS7.5AI score0.01592EPSS
CVE
CVE
added 2019/08/21 6:15 a.m.368 views

CVE-2019-15292

An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.

10CVSS6AI score0.00953EPSS
CVE
CVE
added 2023/03/22 9:15 p.m.368 views

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate ...

7.8CVSS7.4AI score0.47375EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.367 views

CVE-2018-3156

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00336EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.367 views

CVE-2018-3251

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00239EPSS
CVE
CVE
added 2020/01/21 6:15 p.m.367 views

CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

5.5CVSS5.9AI score0.01691EPSS
CVE
CVE
added 2018/10/26 2:29 p.m.365 views

CVE-2018-15688

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

8.8CVSS9AI score0.00845EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.365 views

CVE-2018-3143

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS6.9AI score0.00336EPSS
CVE
CVE
added 2020/01/02 2:16 p.m.365 views

CVE-2019-20218

selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

7.5CVSS7.6AI score0.00774EPSS
CVE
CVE
added 2019/03/06 3:29 p.m.365 views

CVE-2019-3824

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

6.5CVSS5.5AI score0.07829EPSS
CVE
CVE
added 2020/05/21 4:15 a.m.363 views

CVE-2020-6463

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9.1AI score0.03285EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.361 views

CVE-2018-3214

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with netw...

5.3CVSS5.5AI score0.00105EPSS
CVE
CVE
added 2019/08/15 10:15 p.m.361 views

CVE-2019-9850

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on variou...

9.8CVSS9.2AI score0.85073EPSS
CVE
CVE
added 2018/05/23 1:29 p.m.359 views

CVE-2018-1126

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

9.8CVSS7.7AI score0.00302EPSS
CVE
CVE
added 2018/08/08 7:29 p.m.359 views

CVE-2018-14526

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive informa...

6.5CVSS5.7AI score0.00726EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.359 views

CVE-2019-2531

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoc...

4.9CVSS4.8AI score0.00109EPSS
CVE
CVE
added 2020/07/06 7:15 p.m.359 views

CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

6.5CVSS6.6AI score0.03158EPSS
CVE
CVE
added 2020/05/22 6:15 p.m.359 views

CVE-2020-13398

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

8.3CVSS8AI score0.00377EPSS
CVE
CVE
added 2019/08/19 10:15 p.m.358 views

CVE-2019-15217

An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.

4.9CVSS6.1AI score0.00065EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.358 views

CVE-2020-2579

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS6.1AI score0.00585EPSS
CVE
CVE
added 2020/02/24 3:15 p.m.357 views

CVE-2020-8130

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.

6.9CVSS6.6AI score0.0007EPSS
CVE
CVE
added 2018/06/13 11:29 p.m.356 views

CVE-2018-0495

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP....

4.7CVSS5.5AI score0.0033EPSS
CVE
CVE
added 2018/11/14 3:29 p.m.356 views

CVE-2018-17466

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS7.1AI score0.00898EPSS
CVE
CVE
added 2020/11/23 5:15 p.m.355 views

CVE-2020-0569

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

5.7CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2020/03/24 10:15 p.m.355 views

CVE-2020-10942

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

5.4CVSS6.2AI score0.00039EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.354 views

CVE-2020-14577

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to c...

4.3CVSS4.4AI score0.00237EPSS
CVE
CVE
added 2019/12/30 5:15 a.m.353 views

CVE-2019-20096

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

5.5CVSS6.5AI score0.00075EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.353 views

CVE-2019-2949

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos...

6.8CVSS6.4AI score0.00426EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.353 views

CVE-2020-14621

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple p...

5.3CVSS5.2AI score0.00373EPSS
CVE
CVE
added 2020/10/06 2:15 p.m.353 views

CVE-2020-25641

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue req...

5.5CVSS5.8AI score0.0005EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.352 views

CVE-2018-3173

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS5AI score0.00146EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.351 views

CVE-2018-3200

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS5AI score0.00146EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.351 views

CVE-2020-14581

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

4.3CVSS4AI score0.00311EPSS
Total number of security vulnerabilities1817