Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1983 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2023-01-27 2.1 LOW 6.5 MEDIUM
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
CVE-2020-11958 2 Canonical, Re2c 2 Ubuntu Linux, Re2c 2023-01-27 6.8 MEDIUM 7.8 HIGH
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.
CVE-2020-1751 3 Canonical, Gnu, Redhat 3 Ubuntu Linux, Glibc, Enterprise Linux 2023-01-27 5.9 MEDIUM 7.0 HIGH
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
CVE-2019-17023 3 Canonical, Debian, Mozilla 3 Ubuntu Linux, Debian Linux, Firefox 2023-01-27 4.3 MEDIUM 6.5 MEDIUM
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
CVE-2020-15702 1 Canonical 2 Apport, Ubuntu Linux 2023-01-27 4.4 MEDIUM 7.0 HIGH
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
CVE-2020-12419 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2023-01-27 9.3 HIGH 8.8 HIGH
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12418 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2023-01-27 4.3 MEDIUM 6.5 MEDIUM
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12406 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2023-01-27 9.3 HIGH 8.8 HIGH
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
CVE-2020-7040 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more 2023-01-27 9.3 HIGH 8.1 HIGH
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
CVE-2015-1465 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2023-01-26 7.8 HIGH N/A
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.
CVE-2012-3173 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2023-01-24 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
CVE-2020-15701 1 Canonical 2 Apport, Ubuntu Linux 2023-01-23 2.1 LOW 5.5 MEDIUM
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
CVE-2020-14350 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-01-23 4.4 MEDIUM 7.3 HIGH
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
CVE-2019-18860 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-01-23 4.3 MEDIUM 6.1 MEDIUM
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
CVE-2019-20382 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-01-23 2.7 LOW 3.5 LOW
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
CVE-2013-7490 2 Canonical, Perl 2 Ubuntu Linux, Dbi 2023-01-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
CVE-2020-5313 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-01-23 5.8 MEDIUM 7.1 HIGH
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
CVE-2020-5310 3 Canonical, Fedoraproject, Python 3 Ubuntu Linux, Fedora, Pillow 2023-01-23 6.8 MEDIUM 8.8 HIGH
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
CVE-2019-20096 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-20 4.9 MEDIUM 5.5 MEDIUM
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
CVE-2020-15890 3 Canonical, Debian, Luajit 3 Ubuntu Linux, Debian Linux, Luajit 2023-01-20 5.0 MEDIUM 7.5 HIGH
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.