Vulnerabilities (CVE)

Vendor filter

Canonical Subscribe

Filter

1962 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-9628 2 Xmltooling Project, Canonical 2 Xmltooling, Ubuntu Linux 2019-04-18 5.0
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled...
CVE-2019-3462 3 Debian, Netapp, Canonical 5 Apt, Active Iq, Element Software and 2 more 2019-04-18 9.3
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
CVE-2018-1301 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Clustered Data Ontap and 5 more 2019-04-18 4.3
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to...
CVE-2018-17294 2 Canonical, Opensuse 2 Ubuntu Linux, Leap 2019-04-18 4.3
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file...
CVE-2018-14647 4 Python, Canonical, Debian and 1 more 4 Python, Ubuntu Linux, Debian Linux and 1 more 2019-04-18 5.0
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash...
CVE-2018-11763 5 Apache, Oracle, Canonical and 2 more 5 Http Server, Secure Global Desktop, Ubuntu Linux and 2 more 2019-04-18 4.3
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible...
CVE-2018-17456 4 Git-scm, Canonical, Debian and 1 more 11 Git, Ubuntu Linux, Debian Linux and 8 more 2019-04-18 7.5
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file...
CVE-2019-2422 6 Oracle, Netapp, Canonical and 3 more 15 Jdk, Jre, Oncommand Unified Manager and 12 more 2019-04-18 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2018-17199 4 Apache, Netapp, Debian and 1 more 5 Http Server, Santricity Cloud Connector, Debian Linux and 2 more 2019-04-18 5.0
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the...
CVE-2018-6556 2 Linuxcontainers, Canonical 2 Lxc, Ubuntu Linux 2019-04-18 2.1
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may...
CVE-2019-7308 3 Linux, Canonical, Opensuse 3 Linux Kernel, Ubuntu Linux, Leap 2019-04-18 4.7
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to...
CVE-2019-7310 4 Freedesktop, Canonical, Debian and 1 more 4 Poppler, Ubuntu Linux, Debian Linux and 1 more 2019-04-18 6.8
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via...
CVE-2019-6111 5 Openbsd, Winscp, Canonical and 2 more 5 Openssh, Winscp, Ubuntu Linux and 2 more 2019-04-18 5.8
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name...
CVE-2019-6778 4 Qemu, Opensuse, Canonical and 1 more 4 Qemu, Leap, Ubuntu Linux and 1 more 2019-04-17 4.6
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVE-2019-7524 4 Dovecot, Debian, Canonical and 1 more 4 Dovecot, Debian Linux, Ubuntu Linux and 1 more 2019-04-17 7.2
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
CVE-2019-3814 3 Dovecot, Canonical, Opensuse 3 Dovecot, Ubuntu Linux, Leap 2019-04-17 4.9
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
CVE-2018-6951 2 Gnu, Canonical 2 Patch, Ubuntu Linux 2019-04-17 5.0
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
CVE-2018-1000156 4 Gnu, Canonical, Debian and 1 more 9 Patch, Ubuntu Linux, Debian Linux and 6 more 2019-04-17 6.8
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed...
CVE-2019-3878 3 Canonical, Fedoraproject, Redhat 9 Ubuntu Linux, Fedora, Enterprise Linux and 6 more 2019-04-17 6.8
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers...
CVE-2017-18360 2 Linux, Canonical 2 Linux Kernel, Ubuntu Linux 2019-04-17 4.9
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.