Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9200 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Poppler 2020-07-23 6.8 MEDIUM 8.8 HIGH
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2018-20481 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Poppler 2020-07-23 4.3 MEDIUM 6.5 MEDIUM
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
CVE-2018-16646 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Poppler 2020-07-23 4.3 MEDIUM 6.5 MEDIUM
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
CVE-2017-18267 4 Canonical, Debian, Freedesktop and 1 more 7 Ubuntu Linux, Debian Linux, Poppler and 4 more 2020-07-23 4.3 MEDIUM 5.5 MEDIUM
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
CVE-2018-18314 5 Canonical, Debian, Netapp and 2 more 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more 2020-07-14 7.5 HIGH 9.8 CRITICAL
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18313 6 Apple, Canonical, Debian and 3 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2020-07-14 6.4 MEDIUM 9.1 CRITICAL
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
CVE-2018-18312 5 Canonical, Debian, Netapp and 2 more 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more 2020-07-14 7.5 HIGH 9.8 CRITICAL
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-6798 4 Canonical, Debian, Perl and 1 more 5 Ubuntu Linux, Debian Linux, Perl and 2 more 2020-07-14 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
CVE-2015-8607 3 Canonical, Debian, Perl 3 Ubuntu Linux, Debian Linux, Pathtools 2020-07-14 7.5 HIGH 7.3 HIGH
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
CVE-2014-9087 5 Canonical, Debian, Gnupg and 2 more 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more 2020-07-14 7.5 HIGH N/A
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
CVE-2018-8881 2 Canonical, Nasm 2 Ubuntu Linux, Netwide Assembler 2020-07-13 6.8 MEDIUM 7.3 HIGH
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
CVE-2020-5967 2 Canonical, Nvidia 9 Ubuntu Linux, Geforce, Geforce Firmware and 6 more 2020-07-13 1.9 LOW 4.7 MEDIUM
NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.
CVE-2019-18679 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2020-07-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
CVE-2019-18678 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2020-07-10 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.
CVE-2019-18677 3 Canonical, Fedoraproject, Squid-cache 3 Ubuntu Linux, Fedora, Squid 2020-07-10 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
CVE-2016-4761 2 Canonical, Webkitgtk 2 Ubuntu Linux, Webkitgtk\+ 2020-07-10 6.8 MEDIUM 8.8 HIGH
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS
CVE-2020-8130 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2020-06-30 6.9 MEDIUM 6.4 MEDIUM
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
CVE-2019-12881 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2020-06-29 4.6 MEDIUM 7.8 HIGH
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.
CVE-2018-7725 3 Canonical, Redhat, Zziplib Project 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2020-06-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.
CVE-2018-7726 3 Canonical, Redhat, Zziplib Project 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2020-06-28 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.