Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 3106 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1945 5 Apache, Canonical, Fedoraproject and 2 more 50 Ant, Ubuntu Linux, Fedora and 47 more 2021-12-03 3.3 LOW 6.3 MEDIUM
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
CVE-2021-3493 1 Canonical 1 Ubuntu Linux 2021-12-03 7.2 HIGH 7.8 HIGH
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
CVE-2020-8622 8 Canonical, Debian, Fedoraproject and 5 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2021-12-02 4.0 MEDIUM 6.5 MEDIUM
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
CVE-2020-9484 7 Apache, Canonical, Debian and 4 more 24 Tomcat, Ubuntu Linux, Debian Linux and 21 more 2021-12-02 4.4 MEDIUM 7.0 HIGH
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
CVE-2020-7065 4 Canonical, Debian, Php and 1 more 4 Ubuntu Linux, Debian Linux, Php and 1 more 2021-12-02 6.8 MEDIUM 8.8 HIGH
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVE-2020-7070 7 Canonical, Debian, Fedoraproject and 4 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2021-12-02 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2020-7069 8 Canonical, Debian, Fedoraproject and 5 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2021-12-02 6.4 MEDIUM 6.5 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2021-3444 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2021-12-02 4.6 MEDIUM 7.8 HIGH
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
CVE-2020-12108 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-12-02 4.3 MEDIUM 6.5 MEDIUM
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
CVE-2018-5764 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Rsync 2021-11-30 5.0 MEDIUM 7.5 HIGH
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
CVE-2020-15011 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Mailman 2021-11-30 2.6 LOW 4.3 MEDIUM
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
CVE-2018-16402 5 Canonical, Debian, Elfutils Project and 2 more 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more 2021-11-30 7.5 HIGH 9.8 CRITICAL
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-18310 5 Canonical, Debian, Elfutils Project and 2 more 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more 2021-11-30 4.3 MEDIUM 5.5 MEDIUM
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
CVE-2018-18520 5 Canonical, Debian, Elfutils Project and 2 more 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more 2021-11-30 4.3 MEDIUM 6.5 MEDIUM
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
CVE-2018-18521 5 Canonical, Debian, Elfutils Project and 2 more 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more 2021-11-30 4.3 MEDIUM 5.5 MEDIUM
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
CVE-2018-16062 5 Canonical, Debian, Elfutils Project and 2 more 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more 2021-11-30 4.3 MEDIUM 5.5 MEDIUM
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2019-7636 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-11-30 5.8 MEDIUM 8.1 HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
CVE-2019-7635 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-11-30 5.8 MEDIUM 8.1 HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2019-7665 5 Canonical, Debian, Elfutils Project and 2 more 11 Ubuntu Linux, Debian Linux, Elfutils and 8 more 2021-11-30 4.3 MEDIUM 5.5 MEDIUM
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
CVE-2019-7578 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-11-30 5.8 MEDIUM 8.1 HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.