Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10683 5 Canonical, Dom4j Project, Netapp and 2 more 38 Ubuntu Linux, Dom4j, Oncommand Api Services and 35 more 2022-07-25 7.5 HIGH 9.8 CRITICAL
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
CVE-2019-0220 5 Apache, Canonical, Debian and 2 more 5 Http Server, Ubuntu Linux, Debian Linux and 2 more 2022-07-25 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
CVE-2007-0455 5 Canonical, Fedoraproject, Gd Graphics Library Project and 2 more 7 Ubuntu Linux, Fedora, Gd Graphics Library and 4 more 2022-07-21 7.5 HIGH N/A
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
CVE-2007-1887 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2022-07-21 7.5 HIGH N/A
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.
CVE-2016-3074 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-07-20 7.5 HIGH 9.8 CRITICAL
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVE-2019-13224 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-07-20 7.5 HIGH 9.8 CRITICAL
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
CVE-2015-8866 4 Canonical, Opensuse, Php and 1 more 6 Ubuntu Linux, Leap, Opensuse and 3 more 2022-07-20 6.8 MEDIUM 9.6 CRITICAL
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
CVE-2012-5612 4 Canonical, Mariadb, Oracle and 1 more 6 Ubuntu Linux, Mariadb, Mysql and 3 more 2022-07-20 6.5 MEDIUM N/A
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
CVE-2006-4482 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2022-07-19 9.3 HIGH N/A
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
CVE-2018-2755 6 Canonical, Debian, Mariadb and 3 more 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more 2022-07-19 3.7 LOW 7.7 HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2015-0501 7 Canonical, Debian, Juniper and 4 more 14 Ubuntu Linux, Debian Linux, Junos Space and 11 more 2022-07-19 5.7 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
CVE-2018-2766 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2022-07-19 6.8 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2013-0375 4 Canonical, Mariadb, Oracle and 1 more 7 Ubuntu Linux, Mariadb, Mysql and 4 more 2022-07-19 5.5 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
CVE-2018-3060 4 Canonical, Mariadb, Netapp and 1 more 7 Ubuntu Linux, Mariadb, Oncommand Insight and 4 more 2022-07-19 5.5 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).
CVE-2020-11097 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-07-19 5.5 MEDIUM 5.4 MEDIUM
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
CVE-2020-11096 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-07-19 6.4 MEDIUM 6.5 MEDIUM
In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.
CVE-2020-11095 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-07-19 5.5 MEDIUM 5.4 MEDIUM
In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
CVE-2020-11098 4 Canonical, Fedoraproject, Freerdp and 1 more 4 Ubuntu Linux, Fedora, Freerdp and 1 more 2022-07-19 5.8 MEDIUM 6.5 MEDIUM
In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2.
CVE-2018-3064 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2022-07-18 5.5 MEDIUM 7.1 HIGH
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
CVE-2013-0385 4 Canonical, Mariadb, Oracle and 1 more 7 Ubuntu Linux, Mariadb, Mysql and 4 more 2022-07-18 6.6 MEDIUM N/A
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.