Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 3072 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more 2021-09-01 6.8 MEDIUM 8.1 HIGH
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2017-16544 5 Busybox, Canonical, Debian and 2 more 8 Busybox, Ubuntu Linux, Debian Linux and 5 more 2021-08-19 6.5 MEDIUM 8.8 HIGH
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
CVE-2017-12629 4 Apache, Canonical, Debian and 1 more 5 Solr, Ubuntu Linux, Debian Linux and 2 more 2021-08-17 7.5 HIGH 9.8 CRITICAL
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
CVE-2017-5715 7 Arm, Canonical, Debian and 4 more 221 Cortex-a, Ubuntu Linux, Debian Linux and 218 more 2021-08-16 1.9 LOW 5.6 MEDIUM
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2018-3639 12 Arm, Canonical, Debian and 9 more 321 Cortex-a, Ubuntu Linux, Debian Linux and 318 more 2021-08-13 2.1 LOW 5.5 MEDIUM
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2020-10753 5 Canonical, Fedoraproject, Linuxfoundation and 2 more 6 Ubuntu Linux, Fedora, Ceph and 3 more 2021-08-11 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
CVE-2018-16846 4 Canonical, Debian, Opensuse and 1 more 6 Ubuntu Linux, Debian Linux, Leap and 3 more 2021-08-11 4.0 MEDIUM 6.5 MEDIUM
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
CVE-2020-3341 4 Canonical, Cisco, Debian and 1 more 4 Ubuntu Linux, Clam Antivirus, Debian Linux and 1 more 2021-08-06 5.0 MEDIUM 7.5 HIGH
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
CVE-2019-10192 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2021-08-04 6.5 MEDIUM 7.2 HIGH
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
CVE-2018-1059 3 Canonical, Dpdk, Redhat 9 Ubuntu Linux, Data Plane Development Kit, Ceph Storage and 6 more 2021-08-04 2.9 LOW 6.1 MEDIUM
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
CVE-2017-7481 3 Canonical, Debian, Redhat 10 Ubuntu Linux, Debian Linux, Ansible Engine and 7 more 2021-08-04 7.5 HIGH 9.8 CRITICAL
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
CVE-2016-4985 2 Canonical, Redhat 2 Openstack Ironic, Openstack 2021-08-04 5.0 MEDIUM 7.5 HIGH
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
CVE-2016-3710 7 Canonical, Citrix, Debian and 4 more 15 Ubuntu Linux, Xenserver, Debian Linux and 12 more 2021-08-04 7.2 HIGH 8.8 HIGH
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2018-11806 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 7.2 HIGH 8.2 HIGH
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2016-4020 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 2.1 LOW 6.5 MEDIUM
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2017-7980 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 4.6 MEDIUM 7.8 HIGH
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
CVE-2016-2857 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 3.6 LOW 8.4 HIGH
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2018-16876 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Ansible and 7 more 2021-08-04 3.5 LOW 5.3 MEDIUM
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
CVE-2019-10193 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2021-08-04 6.5 MEDIUM 7.2 HIGH
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
CVE-2018-1000115 4 Canonical, Debian, Memcached and 1 more 4 Ubuntu Linux, Debian Linux, Memcached and 1 more 2021-08-04 5.0 MEDIUM 7.5 HIGH
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.