Vulnerabilities (CVE)

Vendor filter: Canonical

2121 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1010305 3 Kyzer, Canonical, Fedoraproject 3 Libmspack, Ubuntu Linux, Fedora 2019-08-23 4.3
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted...
CVE-2019-9516 6 Apache, Apple, Synology and 3 more 8 Traffic Server, Swiftnio, Diskstation Manager and 5 more 2019-08-23 7.8
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or...
CVE-2019-9513 6 Apache, Apple, Synology and 3 more 8 Traffic Server, Swiftnio, Diskstation Manager and 5 more 2019-08-23 7.8
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to...
CVE-2019-9511 6 Apache, Apple, Synology and 3 more 8 Traffic Server, Swiftnio, Diskstation Manager and 5 more 2019-08-23 7.8
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple...
CVE-2019-11042 3 Php, Canonical, Debian 3 Php, Ubuntu Linux, Debian Linux 2019-08-22 6.8
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read...
CVE-2019-11041 3 Php, Canonical, Debian 3 Php, Ubuntu Linux, Debian Linux 2019-08-22 6.8
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read...
CVE-2019-2791 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-08-22 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker...
CVE-2019-2741 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-08-22 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
CVE-2018-13043 2 Debian, Canonical 3 Devscript, Ubuntu Linux, Devscripts 2019-08-19 7.5
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
CVE-2018-7584 4 Php, Ubuntu, Canonical and 1 more 4 Php, Ubuntu, Ubuntu Linux and 1 more 2019-08-19 7.5
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c....
CVE-2018-5712 3 Php, Canonical, Debian 3 Php, Ubuntu Linux, Debian Linux 2019-08-19 4.3
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
CVE-2018-5711 3 Php, Canonical, Debian 3 Php, Ubuntu Linux, Debian Linux 2019-08-19 4.3
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as...
CVE-2018-14851 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 4.3
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted...
CVE-2018-10549 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-08-19 6.8
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a...
CVE-2018-10548 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of...
CVE-2018-10547 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 4.3
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file....
CVE-2018-10546 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-08-19 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-10545 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 1.9
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing...
CVE-2017-16642 4 Php, Netapp, Canonical and 1 more 5 Php, Storage Automation Store, Ubuntu Linux and 2 more 2019-08-19 5.0
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from...
CVE-2019-13565 2 Openldap, Canonical 2 Openldap, Ubuntu Linux 2019-08-19 5.0
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a...