National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~
There are 268 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Published: April 08, 2019; 05:29:00 PM -04:00
V3: 7.5 HIGH
V2: 6.0 MEDIUM
CVE-2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

Published: March 27, 2019; 09:29:01 AM -04:00
V3: 6.8 MEDIUM
V2: 4.9 MEDIUM
CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

Published: February 22, 2019; 06:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

Published: February 22, 2019; 06:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-9021

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.

Published: February 22, 2019; 06:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-9020

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.

Published: February 22, 2019; 06:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-18360

In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.

Published: January 31, 2019; 04:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2019-3462

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Published: January 28, 2019; 04:29:00 PM -05:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Published: January 16, 2019; 03:29:01 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-6133

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

Published: January 11, 2019; 09:29:00 AM -05:00
V3: 6.7 MEDIUM
V2: 4.4 MEDIUM
CVE-2019-6128

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

Published: January 11, 2019; 12:29:01 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20549

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.

Published: December 28, 2018; 11:29:05 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20548

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.

Published: December 28, 2018; 11:29:04 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20547

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.

Published: December 28, 2018; 11:29:04 AM -05:00
V3: 8.1 HIGH
V2: 5.8 MEDIUM
CVE-2018-20546

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.

Published: December 28, 2018; 11:29:04 AM -05:00
V3: 8.1 HIGH
V2: 5.8 MEDIUM
CVE-2018-20545

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.

Published: December 28, 2018; 11:29:04 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20544

There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.

Published: December 28, 2018; 11:29:04 AM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-9518

In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.

Published: December 07, 2018; 06:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

Published: December 07, 2018; 04:29:00 PM -05:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Published: December 07, 2018; 04:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH