Filtered by vendor Canonical
Subscribe
Search
Total
3488 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4581 | 3 Canonical, Linux, Oracle | 3 Ubuntu Linux, Linux Kernel, Linux | 2019-12-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. | |||||
| CVE-2016-3615 | 5 Canonical, Debian, Ibm and 2 more | 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more | 2019-12-27 | 4.3 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. | |||||
| CVE-2019-16680 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, File-roller and 1 more | 2019-12-20 | 2.6 LOW | 4.3 MEDIUM |
| An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | |||||
| CVE-2018-6767 | 3 Canonical, Debian, Wavpack | 3 Ubuntu Linux, Debian Linux, Wavpack | 2019-12-20 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. | |||||
| CVE-2018-7253 | 3 Canonical, Debian, Wavpack | 3 Ubuntu Linux, Debian Linux, Wavpack | 2019-12-20 | 6.8 MEDIUM | 7.8 HIGH |
| The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. | |||||
| CVE-2016-6352 | 3 Canonical, Gnome, Opensuse | 4 Ubuntu Linux, Gdk-pixbuf, Leap and 1 more | 2019-12-19 | 5.0 MEDIUM | 7.5 HIGH |
| The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | |||||
| CVE-2008-4098 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-12-17 | 4.6 MEDIUM | N/A |
| MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | |||||
| CVE-2008-0226 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2019-12-17 | 7.5 HIGH | N/A |
| Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. | |||||
| CVE-2012-2092 | 1 Canonical | 1 Ubuntu Cobbler | 2019-12-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. | |||||
| CVE-2013-3793 | 5 Canonical, Debian, Opensuse and 2 more | 8 Ubuntu Linux, Debian Linux, Opensuse and 5 more | 2019-12-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | |||||
| CVE-2013-3809 | 3 Canonical, Opensuse, Oracle | 7 Ubuntu Linux, Opensuse, Suse Linux Enterprise Desktop and 4 more | 2019-12-17 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. | |||||
| CVE-2008-2079 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-12-17 | 4.6 MEDIUM | N/A |
| MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | |||||
| CVE-2014-0420 | 3 Canonical, Oracle, Redhat | 6 Ubuntu Linux, Mysql, Solaris and 3 more | 2019-12-17 | 2.8 LOW | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication. | |||||
| CVE-2013-3812 | 5 Canonical, Debian, Opensuse and 2 more | 8 Ubuntu Linux, Debian Linux, Opensuse and 5 more | 2019-12-17 | 3.5 LOW | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | |||||
| CVE-2014-9636 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-12-16 | 5.0 MEDIUM | N/A |
| unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. | |||||
| CVE-2015-7696 | 3 Canonical, Debian, Unzip Project | 3 Ubuntu Linux, Debian Linux, Unzip | 2019-12-16 | 6.8 MEDIUM | N/A |
| Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. | |||||
| CVE-2015-7697 | 3 Canonical, Debian, Unzip Project | 3 Ubuntu Linux, Debian Linux, Unzip | 2019-12-16 | 4.3 MEDIUM | N/A |
| Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. | |||||
| CVE-2015-3406 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2019-12-16 | 6.4 MEDIUM | 7.5 HIGH |
| The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. | |||||
| CVE-2012-4428 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| openslp: SLPIntersectStringList()' Function has a DoS vulnerability | |||||
| CVE-2012-6639 | 3 Canonical, Debian, Suse | 3 Cloud-init, Debian Linux, Linux Enterprise Server | 2019-12-05 | 9.0 HIGH | 8.8 HIGH |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | |||||
| CVE-2019-3466 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql-common | 2019-12-03 | 7.2 HIGH | 7.8 HIGH |
| The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | |||||
| CVE-2018-16151 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. | |||||
| CVE-2018-16152 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. | |||||
| CVE-2018-17540 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | |||||
| CVE-2016-4355 | 2 Canonical, Libksba Project | 2 Ubuntu Linux, Libksba | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||||
| CVE-2016-4354 | 2 Canonical, Libksba Project | 2 Ubuntu Linux, Libksba | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||||
| CVE-2016-4353 | 2 Canonical, Libksba Project | 2 Ubuntu Linux, Libksba | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | |||||
| CVE-2016-4574 | 3 Canonical, Libksba Project, Opensuse | 4 Ubuntu Linux, Libksba, Leap and 1 more | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. | |||||
| CVE-2016-4579 | 3 Canonical, Libksba Project, Opensuse | 3 Ubuntu Linux, Libksba, Leap | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | |||||
| CVE-2016-4356 | 2 Canonical, Libksba Project | 2 Ubuntu Linux, Libksba | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. | |||||
| CVE-2019-15098 | 4 Canonical, Linux, Netapp and 1 more | 7 Ubuntu Linux, Linux Kernel, Active Iq Performance Analytics Services and 4 more | 2019-11-25 | 4.9 MEDIUM | 4.6 MEDIUM |
| drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | |||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| mono 2.10.x ASP.NET Web Form Hash collision DoS | |||||
| CVE-2015-1607 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2019-11-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." | |||||
| CVE-2015-3167 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | |||||
| CVE-2015-3166 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | |||||
| CVE-2013-1429 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Lintian | 2019-11-14 | 4.3 MEDIUM | 6.3 MEDIUM |
| Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | |||||
| CVE-2017-5333 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2019-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | |||||
| CVE-2019-17134 | 2 Canonical, Opendev | 2 Ubuntu Linux, Octavia | 2019-11-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED. | |||||
| CVE-2017-5332 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2019-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | |||||
| CVE-2019-17266 | 2 Canonical, Gnome | 2 Ubuntu Linux, Libsoup | 2019-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy. | |||||
| CVE-2018-19854 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-11-06 | 1.9 LOW | 4.7 MEDIUM |
| An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). | |||||
| CVE-2019-6706 | 2 Canonical, Lua | 2 Ubuntu Linux, Lua | 2019-11-06 | 5.0 MEDIUM | 7.5 HIGH |
| Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. | |||||
| CVE-2018-1000878 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2019-11-06 | 6.8 MEDIUM | 8.8 HIGH |
| libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. | |||||
| CVE-2018-1000877 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2019-11-06 | 6.8 MEDIUM | 8.8 HIGH |
| libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. | |||||
| CVE-2019-1000019 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2019-11-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. | |||||
| CVE-2018-18284 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2019-11-05 | 6.8 MEDIUM | 8.6 HIGH |
| Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |||||
| CVE-2018-15910 | 5 Artifex, Canonical, Debian and 2 more | 9 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 6 more | 2019-11-05 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | |||||
| CVE-2018-16513 | 4 Artifex, Canonical, Debian and 1 more | 5 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 2 more | 2019-11-05 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. | |||||
| CVE-2017-5331 | 4 Canonical, Debian, Icoutils Project and 1 more | 5 Ubuntu Linux, Debian Linux, Icoutils and 2 more | 2019-11-05 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | |||||
| CVE-2019-18408 | 4 Canonical, Debian, Libarchive and 1 more | 4 Ubuntu Linux, Debian Linux, Libarchive and 1 more | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. | |||||