Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
There are 1,116 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2020-11565

** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”.

Published: April 05, 2020; 9:15:12 PM -0400
V3.1: 6.0 MEDIUM
V2.0: 3.6 LOW
CVE-2020-8835

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)

Published: April 02, 2020; 2:15:18 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

Published: April 01, 2020; 12:15:13 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

Published: April 01, 2020; 12:15:13 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2019-15796

Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

Published: March 26, 2020; 9:15:12 AM -0400
V3.1: 4.7 MEDIUM
V2.0: 2.6 LOW
CVE-2019-15795

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

Published: March 26, 2020; 9:15:12 AM -0400
V3.1: 4.7 MEDIUM
V2.0: 2.6 LOW
CVE-2020-0556

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access

Published: March 12, 2020; 5:15:14 PM -0400
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-8130

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

Published: February 24, 2020; 10:15:11 AM -0500
V3.1: 6.4 MEDIUM
V2.0: 6.9 MEDIUM
CVE-2015-9542

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.

Published: February 24, 2020; 10:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

Published: February 08, 2020; 12:15:13 AM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2019-11484

Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.

Published: February 08, 2020; 12:15:13 AM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-11483

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

Published: February 08, 2020; 12:15:13 AM -0500
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2019-11482

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

Published: February 08, 2020; 12:15:13 AM -0500
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2019-11481

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

Published: February 08, 2020; 12:15:12 AM -0500
V3.1: 7.8 HIGH
V2.0: 6.1 MEDIUM
CVE-2020-8517

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.

Published: February 04, 2020; 3:15:14 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-8450

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

Published: February 04, 2020; 3:15:14 PM -0500
V3.1: 7.3 HIGH
V2.0: 7.5 HIGH
CVE-2020-8449

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Published: February 04, 2020; 3:15:14 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Published: February 02, 2020; 9:15:10 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Published: January 30, 2020; 2:15:12 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2019-20445

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

Published: January 29, 2020; 4:15:11 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM