Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15306 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-09-02 2.1 LOW 5.5 MEDIUM
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
CVE-2020-11099 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-09-02 6.4 MEDIUM 6.5 MEDIUM
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.
CVE-2020-15305 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-09-02 2.1 LOW 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-10723 5 Canonical, Dpdk, Fedoraproject and 2 more 6 Ubuntu Linux, Data Plane Development Kit, Fedora and 3 more 2022-09-02 4.6 MEDIUM 6.7 MEDIUM
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.
CVE-2020-10722 5 Canonical, Dpdk, Fedoraproject and 2 more 6 Ubuntu Linux, Data Plane Development Kit, Fedora and 3 more 2022-09-02 4.6 MEDIUM 6.7 MEDIUM
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
CVE-2020-13254 6 Canonical, Debian, Djangoproject and 3 more 7 Ubuntu Linux, Debian Linux, Django and 4 more 2022-09-02 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
CVE-2020-13596 6 Canonical, Debian, Djangoproject and 3 more 7 Ubuntu Linux, Debian Linux, Django and 4 more 2022-09-02 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
CVE-2018-1050 4 Canonical, Debian, Redhat and 1 more 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more 2022-09-01 3.3 LOW 4.3 MEDIUM
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
CVE-2013-4475 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2022-09-01 4.0 MEDIUM N/A
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
CVE-2012-6150 2 Canonical, Samba 2 Ubuntu Linux, Samba 2022-09-01 3.6 LOW N/A
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
CVE-2010-3436 2 Canonical, Php 2 Ubuntu Linux, Php 2022-09-01 5.0 MEDIUM N/A
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
CVE-2019-20807 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2022-09-01 4.6 MEDIUM 5.3 MEDIUM
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
CVE-2015-0382 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2022-08-30 4.3 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
CVE-2015-0381 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2022-08-30 4.3 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
CVE-2016-0642 7 Canonical, Debian, Mariadb and 4 more 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more 2022-08-29 4.3 MEDIUM 4.7 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
CVE-2020-2812 7 Canonical, Debian, Fedoraproject and 4 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2022-08-29 4.0 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2015-0432 7 Canonical, Debian, Fedoraproject and 4 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2022-08-29 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
CVE-2014-0412 5 Canonical, Debian, Mariadb and 2 more 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more 2022-08-29 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2014-0402 5 Canonical, Debian, Mariadb and 2 more 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more 2022-08-29 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
CVE-2012-3150 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2022-08-29 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.