Search Results (Refine Search)
- CPE Product Version: cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-3493 |
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. Published: April 17, 2021; 1:15:14 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-3492 |
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Published: April 17, 2021; 1:15:13 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-16119 |
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. Published: January 13, 2021; 8:15:13 PM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2020-8620 |
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. Published: August 21, 2020; 5:15:12 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-7747 |
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. Published: February 19, 2020; 4:15:11 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2014-2030 |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. Published: February 06, 2020; 10:15:10 AM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2014-1958 |
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. Published: February 06, 2020; 10:15:10 AM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-6815 |
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. Published: January 31, 2020; 5:15:11 PM -0500 |
V3.1: 3.5 LOW V2.0: 2.7 LOW |
CVE-2015-5278 |
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Published: January 23, 2020; 3:15:11 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2015-5239 |
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. Published: January 23, 2020; 3:15:11 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2013-4532 |
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Published: January 02, 2020; 11:15:11 AM -0500 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2013-4357 |
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Published: December 31, 2019; 2:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-4428 |
openslp: SLPIntersectStringList()' Function has a DoS vulnerability Published: December 02, 2019; 1:15:09 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-3406 |
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. Published: November 29, 2019; 4:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0: 6.4 MEDIUM |
CVE-2012-3543 |
mono 2.10.x ASP.NET Web Form Hash collision DoS Published: November 21, 2019; 9:15:12 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-3167 |
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. Published: November 20, 2019; 4:15:11 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-3166 |
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. Published: November 20, 2019; 4:15:11 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-1607 |
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." Published: November 20, 2019; 2:15:11 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5333 |
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. Published: November 04, 2019; 4:15:11 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-5332 |
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. Published: November 04, 2019; 4:15:11 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |