Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 3772 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14870 3 Canonical, Fedoraproject, Samba 3 Ubuntu Linux, Fedora, Samba 2022-11-26 6.4 MEDIUM 5.4 MEDIUM
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.
CVE-2019-19221 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2022-11-22 2.1 LOW 5.5 MEDIUM
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
CVE-2020-1968 5 Canonical, Debian, Fujitsu and 2 more 25 Ubuntu Linux, Debian Linux, M10-1 and 22 more 2022-11-21 4.3 MEDIUM 3.7 LOW
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
CVE-2020-25641 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2022-11-21 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-14355 5 Canonical, Debian, Opensuse and 2 more 10 Ubuntu Linux, Debian Linux, Leap and 7 more 2022-11-21 6.5 MEDIUM 6.6 MEDIUM
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
CVE-2020-12866 3 Canonical, Opensuse, Sane-project 3 Ubuntu Linux, Leap, Sane Backends 2022-11-21 2.7 LOW 5.7 MEDIUM
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
CVE-2020-12861 3 Canonical, Opensuse, Sane-project 3 Ubuntu Linux, Leap, Sane Backends 2022-11-21 7.9 HIGH 8.8 HIGH
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
CVE-2020-14356 6 Canonical, Debian, Linux and 3 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2022-11-18 7.2 HIGH 7.8 HIGH
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2019-15505 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2022-11-16 10.0 HIGH 9.8 CRITICAL
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
CVE-2020-14364 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2022-11-16 4.4 MEDIUM 5.0 MEDIUM
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
CVE-2020-7729 3 Canonical, Debian, Gruntjs 3 Ubuntu Linux, Debian Linux, Grunt 2022-11-16 4.6 MEDIUM 7.1 HIGH
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
CVE-2020-15706 7 Canonical, Debian, Gnu and 4 more 14 Ubuntu Linux, Debian Linux, Grub2 and 11 more 2022-11-16 4.4 MEDIUM 6.4 MEDIUM
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-12867 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-11-16 2.1 LOW 5.5 MEDIUM
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
CVE-2020-10761 4 Canonical, Opensuse, Qemu and 1 more 4 Ubuntu Linux, Leap, Qemu and 1 more 2022-11-16 4.0 MEDIUM 5.0 MEDIUM
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
CVE-2020-13659 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2022-11-16 1.9 LOW 2.5 LOW
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
CVE-2020-12783 4 Canonical, Debian, Exim and 1 more 4 Ubuntu Linux, Debian Linux, Exim and 1 more 2022-11-16 5.0 MEDIUM 7.5 HIGH
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
CVE-2020-12137 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-11-16 4.3 MEDIUM 6.1 MEDIUM
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.
CVE-2019-14907 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2022-11-16 2.6 LOW 6.5 MEDIUM
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
CVE-2019-17026 2 Canonical, Mozilla 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more 2022-11-16 6.8 MEDIUM 8.8 HIGH
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
CVE-2014-0160 10 Canonical, Debian, Fedoraproject and 7 more 31 Ubuntu Linux, Debian Linux, Fedora and 28 more 2022-11-15 5.0 MEDIUM 7.5 HIGH
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.