Lucene search

K
CanonicalUbuntu Linux20.04

434 matches found

CVE
CVE
added 2020/09/30 7:15 p.m.142 views

CVE-2020-14378

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause move_desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost_crypto is ...

3.3CVSS5.7AI score0.00072EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.142 views

CVE-2020-16293

A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.6AI score0.00987EPSS
CVE
CVE
added 2020/05/12 9:15 p.m.140 views

CVE-2020-11058

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.

3.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2020/09/30 7:15 p.m.140 views

CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated...

7.8CVSS7.7AI score0.00052EPSS
CVE
CVE
added 2020/09/30 7:15 p.m.140 views

CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attac...

7.1CVSS7.4AI score0.0007EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.140 views

CVE-2020-16307

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.

5.5CVSS5.7AI score0.01336EPSS
CVE
CVE
added 2020/09/30 8:15 p.m.139 views

CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulne...

8.8CVSS8.6AI score0.00187EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.137 views

CVE-2020-16287

A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.01448EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.137 views

CVE-2020-16303

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

7.8CVSS7.3AI score0.00962EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.136 views

CVE-2020-17538

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS6.1AI score0.00693EPSS
CVE
CVE
added 2020/09/30 7:15 p.m.135 views

CVE-2020-14376

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...

7.8CVSS7.9AI score0.00094EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.135 views

CVE-2020-16289

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.01448EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.135 views

CVE-2020-16310

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.7AI score0.00621EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.134 views

CVE-2020-16294

A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.00757EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.134 views

CVE-2020-16301

A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.00683EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.133 views

CVE-2020-16309

A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.

5.5CVSS5.9AI score0.01954EPSS
CVE
CVE
added 2020/06/02 7:15 p.m.133 views

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other charac...

7.5CVSS7.2AI score0.00635EPSS
CVE
CVE
added 2021/06/12 4:15 a.m.133 views

CVE-2021-32553

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

7.3CVSS5.8AI score0.0004EPSS
CVE
CVE
added 2020/07/17 4:15 p.m.132 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown ...

9.8CVSS9.3AI score0.04279EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.132 views

CVE-2020-16295

A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.7AI score0.00621EPSS
CVE
CVE
added 2020/09/01 1:15 p.m.132 views

CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level ...

7.5CVSS7.3AI score0.0284EPSS
CVE
CVE
added 2020/09/01 1:15 p.m.132 views

CVE-2020-24584

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.

7.5CVSS7.3AI score0.01608EPSS
CVE
CVE
added 2020/06/03 2:15 p.m.130 views

CVE-2020-13596

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

6.1CVSS5.9AI score0.0108EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.130 views

CVE-2020-16302

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

5.5CVSS6.2AI score0.00809EPSS
CVE
CVE
added 2020/06/06 7:15 p.m.129 views

CVE-2020-13881

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

7.5CVSS7.4AI score0.00652EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.129 views

CVE-2020-16291

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS6.1AI score0.01391EPSS
CVE
CVE
added 2021/06/12 4:15 a.m.129 views

CVE-2021-32549

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.

7.3CVSS5.8AI score0.00047EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.128 views

CVE-2020-16308

A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.01448EPSS
CVE
CVE
added 2021/06/12 4:15 a.m.128 views

CVE-2021-32555

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

7.3CVSS5.8AI score0.00043EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.127 views

CVE-2020-16306

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.

5.5CVSS5.7AI score0.01336EPSS
CVE
CVE
added 2021/06/12 4:15 a.m.127 views

CVE-2021-32554

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

7.3CVSS5.8AI score0.00047EPSS
CVE
CVE
added 2020/05/07 7:15 p.m.125 views

CVE-2020-11044

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.

3.5CVSS5.5AI score0.00094EPSS
CVE
CVE
added 2020/04/22 5:15 p.m.125 views

CVE-2020-12066

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.

7.8CVSS7.3AI score0.04554EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.125 views

CVE-2020-16288

A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.01448EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.124 views

CVE-2020-16292

A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.01448EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.124 views

CVE-2020-16296

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS6.1AI score0.00693EPSS
CVE
CVE
added 2021/06/12 4:15 a.m.123 views

CVE-2021-32552

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

7.3CVSS5.8AI score0.00043EPSS
CVE
CVE
added 2020/06/25 7:15 p.m.122 views

CVE-2020-11538

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

8.1CVSS8.7AI score0.01063EPSS
CVE
CVE
added 2021/06/12 4:15 a.m.122 views

CVE-2021-32551

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.

7.3CVSS5.8AI score0.00043EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.121 views

CVE-2020-16299

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.7AI score0.00621EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.121 views

CVE-2020-16300

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.01448EPSS
CVE
CVE
added 2020/11/02 9:15 p.m.121 views

CVE-2020-28040

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.

4.3CVSS6.4AI score0.00306EPSS
CVE
CVE
added 2021/06/12 4:15 a.m.121 views

CVE-2021-32548

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.

7.3CVSS5.8AI score0.00047EPSS
CVE
CVE
added 2020/08/13 3:15 a.m.120 views

CVE-2020-16290

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5CVSS5.9AI score0.01448EPSS
CVE
CVE
added 2021/06/12 4:15 a.m.119 views

CVE-2021-32547

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.

7.3CVSS5.8AI score0.00047EPSS
CVE
CVE
added 2022/02/17 11:15 p.m.117 views

CVE-2021-4120

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54...

8.2CVSS8.1AI score0.00096EPSS
CVE
CVE
added 2023/09/06 2:15 p.m.117 views

CVE-2023-3777

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certa...

7.8CVSS8.2AI score0.00025EPSS
CVE
CVE
added 2020/06/17 4:15 p.m.116 views

CVE-2020-14403

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.

5.5CVSS6.1AI score0.0085EPSS
CVE
CVE
added 2020/06/17 4:15 p.m.116 views

CVE-2020-14404

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

5.5CVSS6.1AI score0.01019EPSS
CVE
CVE
added 2023/04/26 11:15 p.m.115 views

CVE-2023-1786

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

5.5CVSS5.3AI score0.0002EPSS
Total number of security vulnerabilities434