Lucene search

K
CanonicalUbuntu Linux20.04

434 matches found

CVE
CVE
added 2020/05/19 2:15 p.m.335 views

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.5CVSS7.5AI score0.14036EPSS
CVE
CVE
added 2020/05/12 7:15 p.m.334 views

CVE-2020-12826

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent pro...

5.3CVSS6AI score0.00026EPSS
CVE
CVE
added 2020/09/09 4:15 p.m.333 views

CVE-2020-25212

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

7CVSS7.5AI score0.00032EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.327 views

CVE-2020-2765

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.8AI score0.00084EPSS
CVE
CVE
added 2020/05/22 7:15 p.m.325 views

CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

4.3CVSS6AI score0.00184EPSS
CVE
CVE
added 2020/08/11 4:15 p.m.325 views

CVE-2020-16092

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_r...

3.8CVSS5AI score0.00019EPSS
CVE
CVE
added 2020/07/30 9:15 p.m.325 views

CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

4.3CVSS5.6AI score0.01848EPSS
CVE
CVE
added 2019/10/10 6:15 p.m.323 views

CVE-2019-17455

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

9.8CVSS9.2AI score0.04635EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.323 views

CVE-2020-14583

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

8.3CVSS8.2AI score0.01118EPSS
CVE
CVE
added 2020/07/29 6:15 p.m.318 views

CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extrem...

6.4CVSS7.6AI score0.00033EPSS
CVE
CVE
added 2020/05/27 3:15 p.m.314 views

CVE-2020-13631

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

5.5CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2021/03/23 6:15 p.m.314 views

CVE-2021-3444

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel me...

7.8CVSS7.5AI score0.00055EPSS
CVE
CVE
added 2020/03/20 9:15 p.m.310 views

CVE-2019-18860

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

6.1CVSS7.4AI score0.01644EPSS
CVE
CVE
added 2020/07/15 10:15 p.m.310 views

CVE-2020-15780

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

7.2CVSS6.6AI score0.00672EPSS
CVE
CVE
added 2020/05/09 9:15 p.m.309 views

CVE-2020-12771

An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.

5.5CVSS5.9AI score0.00063EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.309 views

CVE-2020-14593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro...

7.4CVSS7.1AI score0.00331EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.309 views

CVE-2020-2804

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t...

5.9CVSS5.5AI score0.0057EPSS
CVE
CVE
added 2020/03/05 7:15 p.m.308 views

CVE-2019-20382

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

3.5CVSS4.8AI score0.00188EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.308 views

CVE-2020-14697

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.5AI score0.00681EPSS
CVE
CVE
added 2021/06/04 2:15 a.m.307 views

CVE-2021-3489

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (...

7.8CVSS8.1AI score0.00089EPSS
CVE
CVE
added 2022/05/17 5:15 p.m.307 views

CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

7.8CVSS7.8AI score0.00334EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.304 views

CVE-2020-14539

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS6.2AI score0.00888EPSS
CVE
CVE
added 2020/08/05 2:15 p.m.303 views

CVE-2020-14347

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

5.5CVSS6.3AI score0.00018EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.303 views

CVE-2020-14540

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS4.9AI score0.00487EPSS
CVE
CVE
added 2021/03/20 10:15 p.m.301 views

CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affe...

4.7CVSS6AI score0.00048EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.301 views

CVE-2020-2763

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4.9CVSS4.8AI score0.00465EPSS
CVE
CVE
added 2020/05/28 12:15 p.m.300 views

CVE-2020-13645

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verifica...

6.5CVSS6.4AI score0.00498EPSS
CVE
CVE
added 2022/08/29 3:15 p.m.300 views

CVE-2022-1184

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

5.5CVSS6.2AI score0.00031EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.299 views

CVE-2020-14663

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.5AI score0.00681EPSS
CVE
CVE
added 2022/02/21 10:15 p.m.299 views

CVE-2021-4115

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spa...

5.5CVSS5.5AI score0.00013EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.297 views

CVE-2020-14579

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.3AI score0.00131EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.296 views

CVE-2020-14547

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.9AI score0.00487EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.296 views

CVE-2020-14553

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MyS...

4.3CVSS4.1AI score0.00424EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.296 views

CVE-2020-14559

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple proto...

4.3CVSS3.7AI score0.00647EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.296 views

CVE-2020-14678

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

7.2CVSS6.6AI score0.00669EPSS
CVE
CVE
added 2020/06/09 5:15 a.m.295 views

CVE-2020-13974

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.

7.8CVSS7.3AI score0.00056EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.295 views

CVE-2020-14576

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. ...

6.5CVSS6.2AI score0.0039EPSS
CVE
CVE
added 2020/05/27 3:15 p.m.293 views

CVE-2020-13630

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

7CVSS7.5AI score0.00177EPSS
CVE
CVE
added 2021/06/04 2:15 a.m.293 views

CVE-2021-3491

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the ker...

8.8CVSS8.2AI score0.00008EPSS
CVE
CVE
added 2020/09/02 5:15 p.m.292 views

CVE-2020-15810

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the p...

6.5CVSS6.8AI score0.00211EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.292 views

CVE-2020-2904

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00388EPSS
CVE
CVE
added 2020/05/19 2:15 p.m.291 views

CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

7.5CVSS7.5AI score0.06522EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.290 views

CVE-2020-14578

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

4.3CVSS4.3AI score0.00131EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.289 views

CVE-2020-2923

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00388EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.288 views

CVE-2020-14633

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4CVSS3.4AI score0.00362EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.288 views

CVE-2020-14641

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS4.8AI score0.00502EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.288 views

CVE-2020-2930

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

4.4CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.287 views

CVE-2020-14568

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.9AI score0.00491EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.287 views

CVE-2020-2924

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00388EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.286 views

CVE-2020-2759

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful a...

4.9CVSS4.8AI score0.00388EPSS
Total number of security vulnerabilities434