Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-3640 |
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. Published: March 03, 2022; 6:15:08 PM -0500 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2022-0492 |
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Published: March 03, 2022; 2:15:08 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.9 MEDIUM |
CVE-2021-44142 |
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. Published: February 21, 2022; 10:15:07 AM -0500 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2021-45079 |
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. Published: January 31, 2022; 3:15:07 AM -0500 |
V3.1: 9.1 CRITICAL V2.0: 5.8 MEDIUM |
CVE-2021-4034 |
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. Published: January 28, 2022; 3:15:12 PM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2021-45417 |
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. Published: January 20, 2022; 1:15:07 PM -0500 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2022-20698 |
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. Published: January 14, 2022; 1:15:09 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-0569 |
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Published: November 23, 2020; 12:15:12 PM -0500 |
V3.1: 5.7 MEDIUM V2.0: 2.7 LOW |
CVE-2020-28040 |
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. Published: November 02, 2020; 4:15:31 PM -0500 |
V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-28039 |
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. Published: November 02, 2020; 4:15:31 PM -0500 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2020-14837 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Published: October 21, 2020; 11:15:22 AM -0400 |
V3.1: 4.9 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2020-26137 |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. Published: September 30, 2020; 2:15:26 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2020-26116 |
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. Published: September 27, 2020; 12:15:11 AM -0400 |
V3.1: 7.2 HIGH V2.0: 6.4 MEDIUM |
CVE-2020-26088 |
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. Published: September 24, 2020; 11:15:15 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-20919 |
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. Published: September 17, 2020; 2:15:12 PM -0400 |
V3.1: 4.7 MEDIUM V2.0: 1.9 LOW |
CVE-2020-14314 |
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Published: September 15, 2020; 4:15:13 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-8927 |
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. Published: September 15, 2020; 6:15:12 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2020-25285 |
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. Published: September 13, 2020; 2:15:09 PM -0400 |
V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-25219 |
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. Published: September 09, 2020; 5:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-25212 |
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. Published: September 09, 2020; 12:15:12 PM -0400 |
V3.1: 7.0 HIGH V2.0: 4.4 MEDIUM |