Lucene search

K
CanonicalUbuntu Linux20.04

434 matches found

CVE
CVE
added 2020/04/15 2:15 p.m.286 views

CVE-2020-2896

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succe...

4.9CVSS4.8AI score0.00388EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.285 views

CVE-2020-14643

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

5.5CVSS5.4AI score0.00383EPSS
CVE
CVE
added 2020/10/21 3:15 p.m.285 views

CVE-2020-14837

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

6.8CVSS5AI score0.00206EPSS
CVE
CVE
added 2020/07/29 6:15 p.m.285 views

CVE-2020-15706

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 ...

6.4CVSS7.7AI score0.00064EPSS
CVE
CVE
added 2020/07/29 6:15 p.m.284 views

CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. Thi...

6.4CVSS7.1AI score0.00018EPSS
CVE
CVE
added 2023/07/05 7:15 p.m.284 views

CVE-2023-31248

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nft_chain_lookup_byid() failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

7.8CVSS7.8AI score0.00202EPSS
CVE
CVE
added 2022/03/29 3:15 p.m.283 views

CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

8.6CVSS7.7AI score0.00021EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.282 views

CVE-2020-14651

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

5.5CVSS5.4AI score0.00383EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.281 views

CVE-2020-14586

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.9AI score0.00487EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.281 views

CVE-2020-14634

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4CVSS3AI score0.00391EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.281 views

CVE-2020-2897

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00388EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.280 views

CVE-2020-14624

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.279 views

CVE-2020-2762

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00373EPSS
CVE
CVE
added 2020/06/15 5:15 a.m.278 views

CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

5.9CVSS5.6AI score0.01319EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.278 views

CVE-2020-14614

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00491EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.278 views

CVE-2020-14620

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/10/13 8:15 p.m.278 views

CVE-2020-25645

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The mai...

7.5CVSS7.1AI score0.00108EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.278 views

CVE-2020-2903

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.8AI score0.00388EPSS
CVE
CVE
added 2020/05/09 9:15 p.m.277 views

CVE-2020-12768

An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will

5.5CVSS5.7AI score0.0007EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.277 views

CVE-2020-14632

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.277 views

CVE-2020-14680

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful atta...

6.5CVSS6.2AI score0.00539EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.277 views

CVE-2020-14702

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Suc...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.276 views

CVE-2020-2895

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.8AI score0.00388EPSS
CVE
CVE
added 2020/09/15 2:15 p.m.275 views

CVE-2020-14345

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.8CVSS7.7AI score0.00057EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.274 views

CVE-2020-14597

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00487EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.273 views

CVE-2020-14623

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.273 views

CVE-2020-14656

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.273 views

CVE-2020-2925

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

4.9CVSS4.8AI score0.00388EPSS
CVE
CVE
added 2022/07/04 9:15 p.m.273 views

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an ...

7.8CVSS7.5AI score0.36436EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.272 views

CVE-2020-14631

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.271 views

CVE-2020-14654

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.9AI score0.00415EPSS
CVE
CVE
added 2019/10/14 2:15 a.m.270 views

CVE-2019-17539

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

9.8CVSS9.3AI score0.00523EPSS
CVE
CVE
added 2020/05/22 6:15 p.m.270 views

CVE-2020-13397

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

5.5CVSS6.2AI score0.00084EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.270 views

CVE-2020-14619

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

6.5CVSS6.2AI score0.00632EPSS
CVE
CVE
added 2020/04/14 11:15 p.m.268 views

CVE-2020-11763

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

5.5CVSS5.5AI score0.00363EPSS
CVE
CVE
added 2020/07/31 10:15 p.m.268 views

CVE-2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

6CVSS7AI score0.00037EPSS
CVE
CVE
added 2020/06/03 12:15 a.m.267 views

CVE-2019-20810

go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.

5.5CVSS5.8AI score0.00063EPSS
CVE
CVE
added 2020/04/06 1:15 a.m.267 views

CVE-2020-11565

An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability...

6CVSS6.3AI score0.00105EPSS
CVE
CVE
added 2020/05/22 6:15 p.m.267 views

CVE-2020-13396

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

7.1CVSS6.9AI score0.00415EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.267 views

CVE-2020-2901

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.00465EPSS
CVE
CVE
added 2020/07/15 6:15 p.m.266 views

CVE-2020-14575

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS4.9AI score0.00487EPSS
CVE
CVE
added 2020/09/02 5:15 p.m.265 views

CVE-2020-15811

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the b...

6.5CVSS6.8AI score0.00251EPSS
CVE
CVE
added 2019/11/18 6:15 a.m.264 views

CVE-2019-19054

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

4.7CVSS6.2AI score0.00076EPSS
CVE
CVE
added 2020/05/26 6:15 p.m.263 views

CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

9.8CVSS9.5AI score0.11785EPSS
CVE
CVE
added 2020/06/21 5:15 p.m.261 views

CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

5.9CVSS5.7AI score0.05464EPSS
CVE
CVE
added 2020/06/15 5:15 p.m.260 views

CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

5.8CVSS5.2AI score0.0054EPSS
CVE
CVE
added 2020/09/09 9:15 p.m.260 views

CVE-2020-25219

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

7.5CVSS7.2AI score0.01056EPSS
CVE
CVE
added 2020/05/15 5:15 p.m.259 views

CVE-2020-11524

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

6.6CVSS6.5AI score0.00533EPSS
CVE
CVE
added 2020/04/14 11:15 p.m.257 views

CVE-2020-11764

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

5.5CVSS5.6AI score0.00493EPSS
CVE
CVE
added 2020/06/17 10:15 p.m.257 views

CVE-2020-8618

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

4.9CVSS5.2AI score0.02008EPSS
Total number of security vulnerabilities434