Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6869 3 Canonical, Debian, Zziplib Project 3 Ubuntu Linux, Debian Linux, Zziplib 2020-06-28 4.3 MEDIUM 6.5 MEDIUM
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
CVE-2018-6541 2 Canonical, Zziplib Project 2 Ubuntu Linux, Zziplib 2020-06-28 4.3 MEDIUM 6.5 MEDIUM
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
CVE-2018-6540 2 Canonical, Zziplib Project 2 Ubuntu Linux, Zziplib 2020-06-28 4.3 MEDIUM 6.5 MEDIUM
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
CVE-2018-6484 2 Canonical, Zziplib Project 2 Ubuntu Linux, Zziplib 2020-06-28 4.3 MEDIUM 6.5 MEDIUM
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
CVE-2016-7426 4 Canonical, Hpe, Ntp and 1 more 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more 2020-06-18 4.3 MEDIUM 7.5 HIGH
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2018-2839 3 Canonical, Netapp, Oracle 7 Ubuntu Linux, Oncommand Insight, Oncommand Unified Manager and 4 more 2020-06-16 4.0 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-1000888 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Pear Archive Tar 2020-06-15 6.8 MEDIUM 8.8 HIGH
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.
CVE-2020-11608 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2020-06-13 4.9 MEDIUM 4.3 MEDIUM
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.
CVE-2020-11609 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2020-06-13 4.9 MEDIUM 4.3 MEDIUM
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.
CVE-2020-11793 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Leap and 2 more 2020-06-12 6.8 MEDIUM 8.8 HIGH
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
CVE-2020-11565 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2020-06-10 3.6 LOW 6.0 MEDIUM
** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”.
CVE-2020-11047 2 Canonical, Freerdp 2 Ubuntu Linux, Freerdp 2020-06-09 4.9 MEDIUM 5.9 MEDIUM
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
CVE-2010-4008 9 Apache, Apple, Canonical and 6 more 15 Openoffice, Iphone Os, Itunes and 12 more 2020-06-04 4.3 MEDIUM N/A
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
CVE-2013-6391 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Keystone, Openstack 2020-06-02 5.8 MEDIUM N/A
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
CVE-2015-5707 4 Canonical, Debian, Linux and 1 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2020-06-02 4.6 MEDIUM N/A
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
CVE-2016-4804 3 Canonical, Dosfstools Project, Opensuse 4 Ubuntu Linux, Dosfstools, Leap and 1 more 2020-05-30 2.1 LOW 6.2 MEDIUM
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
CVE-2015-8872 3 Canonical, Dosfstools Project, Opensuse 4 Ubuntu Linux, Dosfstools, Leap and 1 more 2020-05-30 2.1 LOW 6.2 MEDIUM
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
CVE-2019-13508 2 Canonical, Freetds 2 Ubuntu Linux, Freetds 2020-05-29 7.5 HIGH 9.8 CRITICAL
FreeTDS through 1.1.11 has a Buffer Overflow.
CVE-2011-2192 5 Apple, Canonical, Debian and 2 more 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more 2020-05-27 4.3 MEDIUM N/A
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
CVE-2019-11596 2 Canonical, Memcached 2 Ubuntu Linux, Memcached 2020-05-26 5.0 MEDIUM 7.5 HIGH
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.