Filtered by vendor Canonical
Subscribe
Total
4202 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5310 | 3 Canonical, Fedoraproject, Python | 3 Ubuntu Linux, Fedora, Pillow | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | |||||
| CVE-2015-3166 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | |||||
| CVE-2019-20079 | 2 Canonical, Vim | 2 Ubuntu Linux, Vim | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | |||||
| CVE-2019-2963 | 4 Canonical, Fedoraproject, Netapp and 1 more | 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-19244 | 4 Canonical, Oracle, Siemens and 1 more | 4 Ubuntu Linux, Mysql Workbench, Sinec Infrastructure Network Services and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | |||||
| CVE-2013-1429 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Lintian | 2024-02-28 | 4.3 MEDIUM | 6.3 MEDIUM |
| Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | |||||
| CVE-2019-5094 | 5 Canonical, Debian, E2fsprogs Project and 2 more | 6 Ubuntu Linux, Debian Linux, E2fsprogs and 3 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | |||||
| CVE-2020-10029 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | |||||
| CVE-2019-19056 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. | |||||
| CVE-2020-7595 | 7 Canonical, Debian, Fedoraproject and 4 more | 32 Ubuntu Linux, Debian Linux, Fedora and 29 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | |||||
| CVE-2019-17570 | 5 Apache, Canonical, Debian and 2 more | 6 Xml-rpc, Ubuntu Linux, Debian Linux and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. | |||||
| CVE-2019-19330 | 3 Canonical, Debian, Haproxy | 3 Ubuntu Linux, Debian Linux, Haproxy | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | |||||
| CVE-2019-2946 | 4 Canonical, Fedoraproject, Netapp and 1 more | 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-11045 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. | |||||
| CVE-2019-17024 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||
| CVE-2019-11481 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. | |||||
| CVE-2019-14870 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 6.4 MEDIUM | 5.4 MEDIUM |
| All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. | |||||
| CVE-2012-0055 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. | |||||
| CVE-2019-20382 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-02-28 | 2.7 LOW | 3.5 LOW |
| QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. | |||||
| CVE-2019-20096 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | |||||