Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 4182 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16532 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-07-17 7.2 HIGH 6.6 MEDIUM
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2015-2925 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-07-17 6.9 MEDIUM N/A
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
CVE-2024-6387 9 Amazon, Canonical, Debian and 6 more 20 Linux 2023, Ubuntu Linux, Debian Linux and 17 more 2024-07-17 N/A 8.1 HIGH
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVE-2017-12617 6 Apache, Canonical, Debian and 3 more 58 Tomcat, Ubuntu Linux, Debian Linux and 55 more 2024-07-16 6.8 MEDIUM 8.1 HIGH
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2010-4344 4 Canonical, Debian, Exim and 1 more 4 Ubuntu Linux, Debian Linux, Exim and 1 more 2024-07-16 9.3 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
CVE-2010-4345 4 Canonical, Debian, Exim and 1 more 4 Ubuntu Linux, Debian Linux, Exim and 1 more 2024-07-16 6.9 MEDIUM 7.8 HIGH
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
CVE-2019-11043 6 Canonical, Debian, Fedoraproject and 3 more 23 Ubuntu Linux, Debian Linux, Fedora and 20 more 2024-07-16 7.5 HIGH 9.8 CRITICAL
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2015-2590 6 Canonical, Debian, Opensuse and 3 more 21 Ubuntu Linux, Debian Linux, Opensuse and 18 more 2024-07-16 10.0 HIGH 9.8 CRITICAL
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
CVE-2020-7247 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-07-16 10.0 HIGH 9.8 CRITICAL
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVE-2013-1675 5 Canonical, Debian, Mozilla and 2 more 19 Ubuntu Linux, Debian Linux, Firefox and 16 more 2024-07-16 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2013-1690 6 Canonical, Debian, Mozilla and 3 more 16 Ubuntu Linux, Debian Linux, Firefox and 13 more 2024-07-09 9.3 HIGH 8.8 HIGH
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
CVE-2022-28657 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-07-03 N/A 7.8 HIGH
Apport does not disable python crash handler before entering chroot
CVE-2018-4233 3 Apple, Canonical, Microsoft 8 Icloud, Iphone Os, Itunes and 5 more 2024-07-03 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2014-0160 13 Broadcom, Canonical, Debian and 10 more 35 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 32 more 2024-07-02 5.0 MEDIUM 7.5 HIGH
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVE-2014-3153 6 Canonical, Linux, Opensuse and 3 more 9 Ubuntu Linux, Linux Kernel, Opensuse and 6 more 2024-07-02 7.2 HIGH 7.8 HIGH
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
CVE-2010-0840 3 Canonical, Opensuse, Oracle 3 Ubuntu Linux, Opensuse, Jre 2024-06-28 7.5 HIGH 9.8 CRITICAL
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
CVE-2015-4495 6 Canonical, Mozilla, Opensuse and 3 more 16 Ubuntu Linux, Firefox, Firefox Esr and 13 more 2024-06-28 4.3 MEDIUM 8.8 HIGH
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
CVE-2016-1646 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2024-06-28 9.3 HIGH 8.8 HIGH
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2021-4034 7 Canonical, Oracle, Polkit Project and 4 more 32 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 29 more 2024-06-28 7.2 HIGH 7.8 HIGH
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVE-2021-3560 4 Canonical, Debian, Polkit Project and 1 more 7 Ubuntu Linux, Debian Linux, Polkit and 4 more 2024-06-27 7.2 HIGH 7.8 HIGH
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.