Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 3079 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7317 3 Canonical, Debian, Libpng 3 Ubuntu Linux, Debian Linux, Libpng 2021-10-20 2.6 LOW 5.3 MEDIUM
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2020-1968 4 Canonical, Debian, Openssl and 1 more 4 Ubuntu Linux, Debian Linux, Openssl and 1 more 2021-10-20 4.3 MEDIUM 3.7 LOW
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
CVE-2018-20843 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-10-20 7.8 HIGH 7.5 HIGH
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
CVE-2020-7595 7 Canonical, Debian, Fedoraproject and 4 more 27 Ubuntu Linux, Debian Linux, Fedora and 24 more 2021-10-20 5.0 MEDIUM 7.5 HIGH
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2020-10683 5 Canonical, Dom4j Project, Netapp and 2 more 34 Ubuntu Linux, Dom4j, Oncommand Api Services and 31 more 2021-10-20 7.5 HIGH 9.8 CRITICAL
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
CVE-2020-1945 3 Apache, Canonical, Fedoraproject 3 Ant, Ubuntu Linux, Fedora 2021-10-20 3.3 LOW 6.3 MEDIUM
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
CVE-2020-7065 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2021-10-20 6.8 MEDIUM 8.8 HIGH
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVE-2020-7069 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-10-20 6.4 MEDIUM 6.5 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2020-7070 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-10-20 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVE-2020-9484 7 Apache, Canonical, Debian and 4 more 20 Tomcat, Ubuntu Linux, Debian Linux and 17 more 2021-10-20 4.4 MEDIUM 7.0 HIGH
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
CVE-2020-10724 3 Canonical, Dpdk, Fedoraproject 3 Ubuntu Linux, Data Plane Development Kit, Fedora 2021-10-19 2.1 LOW 4.4 MEDIUM
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
CVE-2020-14392 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-10-19 2.1 LOW 5.5 MEDIUM
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
CVE-2020-14311 4 Canonical, Gnu, Opensuse and 1 more 7 Ubuntu Linux, Grub2, Leap and 4 more 2021-10-19 3.6 LOW 6.0 MEDIUM
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-14310 4 Canonical, Gnu, Opensuse and 1 more 7 Ubuntu Linux, Grub2, Leap and 4 more 2021-10-19 3.6 LOW 6.0 MEDIUM
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
CVE-2016-1576 2 Canonical, Linux 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more 2021-10-18 7.2 HIGH 7.8 HIGH
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
CVE-2016-1575 2 Canonical, Linux 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more 2021-10-18 7.2 HIGH 7.8 HIGH
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
CVE-2019-17571 6 Apache, Canonical, Debian and 3 more 15 Log4j, Ubuntu Linux, Debian Linux and 12 more 2021-10-18 7.5 HIGH 9.8 CRITICAL
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CVE-2020-16119 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2021-10-16 4.6 MEDIUM 7.8 HIGH
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
CVE-2021-3710 1 Canonical 2 Apport, Ubuntu Linux 2021-10-08 4.7 MEDIUM 5.5 MEDIUM
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
CVE-2021-3709 1 Canonical 2 Apport, Ubuntu Linux 2021-10-08 2.1 LOW 5.5 MEDIUM
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;