Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 3072 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3491 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2021-09-14 7.2 HIGH 8.8 HIGH
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).
CVE-2021-3489 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2021-09-14 7.2 HIGH 7.8 HIGH
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
CVE-2016-10708 4 Canonical, Debian, Netapp and 1 more 12 Ubuntu Linux, Debian Linux, Cloud Backup and 9 more 2021-09-14 5.0 MEDIUM 7.5 HIGH
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
CVE-2019-20421 3 Canonical, Debian, Exiv2 3 Ubuntu Linux, Debian Linux, Exiv2 2021-09-14 7.8 HIGH 7.5 HIGH
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVE-2019-20445 6 Apache, Canonical, Debian and 3 more 8 Spark, Ubuntu Linux, Debian Linux and 5 more 2021-09-14 6.4 MEDIUM 9.1 CRITICAL
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CVE-2019-20444 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2021-09-14 6.4 MEDIUM 9.1 CRITICAL
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CVE-2019-12900 5 Bzip, Canonical, Debian and 2 more 5 Bzip2, Ubuntu Linux, Debian Linux and 2 more 2021-09-14 7.5 HIGH 9.8 CRITICAL
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-18218 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-09-14 7.5 HIGH 9.8 CRITICAL
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
CVE-2019-17571 6 Apache, Canonical, Debian and 3 more 15 Log4j, Ubuntu Linux, Debian Linux and 12 more 2021-09-14 7.5 HIGH 9.8 CRITICAL
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CVE-2020-11937 1 Canonical 2 Ubuntu Linux, Whoopsie 2021-09-13 2.1 LOW 5.5 MEDIUM
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
CVE-2020-15707 8 Canonical, Debian, Gnu and 5 more 15 Ubuntu Linux, Debian Linux, Grub2 and 12 more 2021-09-13 4.4 MEDIUM 6.4 MEDIUM
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2019-7305 3 Canonical, Debian, Extplorer 3 Ubuntu Linux, Debian Linux, Extplorer 2021-09-13 7.5 HIGH 9.8 CRITICAL
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian
CVE-2013-0256 2 Canonical, Ruby-lang 3 Ubuntu Linux, Rdoc, Ruby 2021-09-09 4.3 MEDIUM N/A
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
CVE-2019-10092 8 Apache, Canonical, Debian and 5 more 10 Http Server, Ubuntu Linux, Debian Linux and 7 more 2021-09-09 4.3 MEDIUM 6.1 MEDIUM
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
CVE-2015-1212 7 Apple, Canonical, Google and 4 more 11 Macos, Ubuntu Linux, Chrome and 8 more 2021-09-08 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1211 7 Apple, Canonical, Google and 4 more 11 Macos, Ubuntu Linux, Chrome and 8 more 2021-09-08 7.5 HIGH N/A
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
CVE-2015-1210 7 Apple, Canonical, Google and 4 more 11 Macos, Ubuntu Linux, Chrome and 8 more 2021-09-08 5.0 MEDIUM N/A
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1209 7 Apple, Canonical, Google and 4 more 11 Macos, Ubuntu Linux, Chrome and 8 more 2021-09-08 7.5 HIGH N/A
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.
CVE-2013-0894 7 Apple, Canonical, Ffmpeg and 4 more 7 Macos, Ubuntu Linux, Ffmpeg and 4 more 2021-09-08 7.5 HIGH N/A
Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.
CVE-2013-7423 4 Canonical, Gnu, Opensuse and 1 more 4 Ubuntu Linux, Glibc, Opensuse and 1 more 2021-09-01 5.0 MEDIUM N/A
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.