Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 3072 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7481 3 Canonical, Debian, Redhat 10 Ubuntu Linux, Debian Linux, Ansible Engine and 7 more 2021-08-04 7.5 HIGH 9.8 CRITICAL
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
CVE-2018-16876 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Ansible and 7 more 2021-08-04 3.5 LOW 5.3 MEDIUM
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
CVE-2020-10756 5 Canonical, Debian, Libslirp Project and 2 more 6 Ubuntu Linux, Debian Linux, Libslirp and 3 more 2021-08-04 2.1 LOW 6.5 MEDIUM
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
CVE-2018-1000807 3 Canonical, Pyopenssl, Redhat 6 Ubuntu Linux, Pyopenssl, Enterprise Linux Desktop and 3 more 2021-08-04 6.8 MEDIUM 8.1 HIGH
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
CVE-2018-7536 4 Canonical, Debian, Djangoproject and 1 more 4 Ubuntu Linux, Debian Linux, Django and 1 more 2021-08-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
CVE-2018-10875 4 Canonical, Debian, Redhat and 1 more 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more 2021-08-04 4.6 MEDIUM 7.8 HIGH
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVE-2018-10903 3 Canonical, Cryptography, Redhat 3 Ubuntu Linux, Python-cryptography, Openstack 2021-08-04 5.0 MEDIUM 7.5 HIGH
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
CVE-2018-10855 3 Canonical, Debian, Redhat 6 Ubuntu Linux, Debian Linux, Ansible Engine and 3 more 2021-08-04 4.3 MEDIUM 5.9 MEDIUM
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 6 Ubuntu Linux, Debian Linux, Qemu and 3 more 2021-08-04 7.5 HIGH 9.8 CRITICAL
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-1000808 3 Canonical, Pyopenssl Project, Redhat 7 Ubuntu Linux, Pyopenssl, Enterprise Linux Desktop and 4 more 2021-08-04 4.3 MEDIUM 5.9 MEDIUM
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.
CVE-2018-17204 4 Canonical, Debian, Openvswitch and 1 more 4 Ubuntu Linux, Debian Linux, Openvswitch and 1 more 2021-08-04 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
CVE-2018-17205 3 Canonical, Openvswitch, Redhat 3 Ubuntu Linux, Openvswitch, Openstack 2021-08-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
CVE-2018-10915 4 Canonical, Debian, Postgresql and 1 more 9 Ubuntu Linux, Debian Linux, Postgresql and 6 more 2021-08-04 6.0 MEDIUM 7.5 HIGH
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
CVE-2018-17206 4 Canonical, Debian, Openvswitch and 1 more 4 Ubuntu Linux, Debian Linux, Openvswitch and 1 more 2021-08-04 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
CVE-2019-17544 2 Canonical, Gnu 2 Ubuntu Linux, Aspell 2021-08-02 6.4 MEDIUM 9.1 CRITICAL
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
CVE-2019-8457 4 Canonical, Fedoraproject, Opensuse and 1 more 4 Ubuntu Linux, Fedora, Leap and 1 more 2021-07-31 7.5 HIGH 9.8 CRITICAL
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVE-2019-13057 2 Canonical, Openldap 2 Ubuntu Linux, Openldap 2021-07-31 3.5 LOW 4.9 MEDIUM
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
CVE-2019-16168 7 Canonical, Debian, Fedoraproject and 4 more 19 Ubuntu Linux, Debian Linux, Fedora and 16 more 2021-07-31 4.3 MEDIUM 6.5 MEDIUM
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2016-4472 2 Canonical, Libexpat Project 2 Ubuntu Linux, Libexpat 2021-07-31 6.8 MEDIUM 8.1 HIGH
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVE-2016-5300 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Android and 1 more 2021-07-31 7.8 HIGH 7.5 HIGH
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.