Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-2922 3 Canonical, Netapp, Oracle 6 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 3 more 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2019-2923 3 Canonical, Netapp, Oracle 6 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 3 more 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2019-2920 2 Canonical, Oracle 2 Ubuntu Linux, Mysql 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2924 3 Canonical, Netapp, Oracle 6 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 3 more 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2021-44731 3 Canonical, Debian, Fedoraproject 4 Snapd, Ubuntu Linux, Debian Linux and 1 more 2023-02-03 6.9 MEDIUM 7.8 HIGH
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVE-2018-11490 4 Canonical, Debian, Giflib Project and 1 more 4 Ubuntu Linux, Debian Linux, Giflib and 1 more 2023-02-03 6.8 MEDIUM 8.8 HIGH
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2019-15133 3 Canonical, Debian, Giflib Project 3 Ubuntu Linux, Debian Linux, Giflib 2023-02-03 4.3 MEDIUM 6.5 MEDIUM
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-11763 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-03 4.3 MEDIUM 6.1 MEDIUM
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
CVE-2021-3975 5 Canonical, Debian, Fedoraproject and 2 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2023-02-03 N/A 6.5 MEDIUM
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2020-14347 3 Canonical, Debian, X.org 3 Ubuntu Linux, Debian Linux, Xorg-server 2023-02-03 2.1 LOW 5.5 MEDIUM
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
CVE-2019-18810 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2023-02-03 7.8 HIGH 7.5 HIGH
A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d.
CVE-2019-7307 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2023-02-03 4.4 MEDIUM 7.0 HIGH
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
CVE-2018-14622 4 Canonical, Debian, Libtirpc Project and 1 more 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more 2023-02-03 5.0 MEDIUM 7.5 HIGH
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections.
CVE-2020-12674 4 Canonical, Debian, Dovecot and 1 more 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
CVE-2020-12673 4 Canonical, Debian, Dovecot and 1 more 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVE-2020-15658 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-02 4.3 MEDIUM 6.5 MEDIUM
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-15654 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-02 4.3 MEDIUM 6.5 MEDIUM
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-15656 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2023-02-02 9.3 HIGH 8.8 HIGH
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-15653 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-02-02 4.3 MEDIUM 6.5 MEDIUM
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2019-13110 4 Canonical, Debian, Exiv2 and 1 more 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more 2023-02-02 4.3 MEDIUM 6.5 MEDIUM
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.