Vulnerabilities (CVE)

Vendor filter: Canonical

Product filter: Ubuntu Linux

2085 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2018-8780 | 3 Ruby-lang, Canonical, Debian | 3 Ruby, Ubuntu Linux, Debian Linux | 2019-07-21 | 7.5
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional...

CVE-2018-8779 | 3 Ruby-lang, Canonical, Debian | 3 Ruby, Ubuntu Linux, Debian Linux | 2019-07-21 | 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.

CVE-2018-8778 | 4 Ruby-lang, Canonical, Debian and 1 more | 4 Ruby, Ubuntu Linux, Debian Linux and 1 more | 2019-07-21 | 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack...

CVE-2018-8777 | 4 Ruby-lang, Debian, Canonical and 1 more | 4 Ruby, Debian Linux, Ubuntu Linux and 1 more | 2019-07-21 | 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a...

CVE-2018-6914 | 4 Ruby-lang, Canonical, Debian and 1 more | 4 Ruby, Ubuntu Linux, Debian Linux and 1 more | 2019-07-21 | 5.0
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or...

CVE-2018-16396 | 4 Ruby-lang, Canonical, Debian and 1 more | 4 Ruby, Ubuntu Linux, Debian Linux and 1 more | 2019-07-21 | 6.8
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

CVE-2018-16395 | 3 Ruby-lang, Canonical, Debian | 3 Ruby, Ubuntu Linux, Debian Linux | 2019-07-21 | 7.5
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects...

CVE-2018-18505 | 4 Mozilla, Canonical, Debian and 1 more | 11 Firefox, Firefox Esr, Thunderbird and 8 more | 2019-07-20 | 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels...

CVE-2018-18074 | 2 Python-requests, Canonical | 2 Requests, Ubuntu Linux | 2019-07-20 | 5.0
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

CVE-2019-10193 | 4 Redhat, Redislabs, Canonical and 1 more | 5 Openstack, Redis, Ubuntu Linux and 2 more | 2019-07-19 | 6.5
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to...

CVE-2019-10192 | 4 Redhat, Redislabs, Canonical and 1 more | 5 Openstack, Redis, Ubuntu Linux and 2 more | 2019-07-19 | 6.5
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick...

CVE-2019-3822 | 6 Haxx, Canonical, Debian and 3 more | 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more | 2019-07-19 | 7.5
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header...

CVE-2019-13132 | 3 Zeromq, Canonical, Debian | 3 Libzmq, Ubuntu Linux, Debian Linux | 2019-07-18 | 7.5
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack...

CVE-2013-1064 | 2 Ubuntu Developers, Canonical | 3 Ubuntu Linux, Apt-xapian-index, Apt-xapian-index | 2019-07-18 | 4.6
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess...

CVE-2018-7073 | 1 Canonical | 1 Ubuntu Linux | 2019-07-17 | 2.1
A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

CVE-2018-1000027 | 3 Squid-cache, Debian, Canonical | 3 Squid, Debian Linux, Ubuntu Linux | 2019-07-17 | 5.0
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the...

CVE-2018-1000024 | 3 Squid-cache, Debian, Canonical | 3 Squid, Debian Linux, Ubuntu Linux | 2019-07-17 | 5.0
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This...

CVE-2018-18311 | 7 Perl, Canonical, Debian and 4 more | 17 Perl, Ubuntu Linux, Debian Linux and 14 more | 2019-07-16 | 7.5
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2007-0063 | 2 Vmware, Canonical | 7 Server, Esx Server, Workstation and 4 more | 2019-07-16 | 10.0
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1...

CVE-2007-0061 | 2 Vmware, Canonical | 6 Server, Player, Workstation and 3 more | 2019-07-16 | 10.0
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and...