Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13625 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-01-20 5.0 MEDIUM 7.5 HIGH
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
CVE-2019-18198 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2023-01-20 7.2 HIGH 7.8 HIGH
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-20811 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-01-20 2.1 LOW 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
CVE-2020-12059 2 Canonical, Linuxfoundation 2 Ubuntu Linux, Ceph 2023-01-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
CVE-2020-7663 3 Canonical, Debian, Websocket-extensions Project 3 Ubuntu Linux, Debian Linux, Websocket-extensions 2023-01-20 5.0 MEDIUM 7.5 HIGH
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.
CVE-2019-15587 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-01-20 3.5 LOW 5.4 MEDIUM
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
CVE-2019-14497 3 Canonical, Debian, Milkytracker Project 3 Ubuntu Linux, Debian Linux, Milkytracker 2023-01-20 6.8 MEDIUM 7.8 HIGH
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.
CVE-2019-14496 3 Canonical, Debian, Milkytracker Project 3 Ubuntu Linux, Debian Linux, Milkytracker 2023-01-20 6.8 MEDIUM 7.8 HIGH
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.
CVE-2019-14464 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-01-20 4.3 MEDIUM 5.5 MEDIUM
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow.
CVE-2018-20669 3 Canonical, Linux, Netapp 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more 2023-01-20 7.2 HIGH 7.8 HIGH
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
CVE-2018-18898 4 Bestpractical, Canonical, Debian and 1 more 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more 2023-01-20 5.0 MEDIUM 7.5 HIGH
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
CVE-2019-9656 3 Canonical, Debian, Libofx Project 3 Ubuntu Linux, Debian Linux, Libofx 2023-01-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.
CVE-2018-9240 3 Canonical, Debian, Ncmpc Project 3 Ubuntu Linux, Debian Linux, Ncmpc 2023-01-20 5.0 MEDIUM 7.5 HIGH
ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.
CVE-2017-6960 3 Apng2gif Project, Canonical, Debian 3 Apng2gif, Ubuntu Linux, Debian Linux 2023-01-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.
CVE-2019-19044 4 Broadcom, Canonical, Linux and 1 more 17 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 14 more 2023-01-20 7.8 HIGH 7.5 HIGH
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.
CVE-2019-18813 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2023-01-20 7.8 HIGH 7.5 HIGH
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.
CVE-2017-11683 3 Canonical, Debian, Exiv2 3 Ubuntu Linux, Debian Linux, Exiv2 2023-01-19 4.3 MEDIUM 6.5 MEDIUM
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
CVE-2019-9517 12 Apache, Apple, Canonical and 9 more 25 Http Server, Traffic Server, Mac Os X and 22 more 2023-01-19 7.8 HIGH 7.5 HIGH
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
CVE-2018-16850 3 Canonical, Postgresql, Redhat 3 Ubuntu Linux, Postgresql, Enterprise Linux 2023-01-19 7.5 HIGH 9.8 CRITICAL
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
CVE-2018-1058 3 Canonical, Postgresql, Redhat 3 Ubuntu Linux, Postgresql, Cloudforms 2023-01-19 6.5 MEDIUM 8.8 HIGH
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.