Vulnerabilities (CVE)

Vendor filter

Canonical Subscribe

Filter

1547 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16866 2 Nlnetlabs, Canonical 2 Unbound, Ubuntu Linux 2019-10-16 5.0
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVE-2019-17134 1 Canonical 1 Ubuntu Linux 2019-10-15 6.4
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via...
CVE-2019-7303 1 Canonical 2 Ubuntu Linux, Snapd 2019-10-09 5.0
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit...
CVE-2019-3825 3 Gnome, Canonical, Redhat 3 Gnome Display Manager, Ubuntu Linux, Enterprise Linux 2019-10-09 6.9
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain...
CVE-2019-11476 1 Canonical 1 Ubuntu Linux 2019-10-09 4.6
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible...
CVE-2018-6555 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2019-10-09 7.2
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have...
CVE-2018-6554 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2019-10-09 4.9
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
CVE-2018-5733 4 Isc, Canonical, Debian and 1 more 8 Dhcp, Ubuntu Linux, Debian Linux and 5 more 2019-10-09 5.0
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0...
CVE-2018-5388 3 Strongswan, Debian, Canonical 3 Strongswan, Debian Linux, Ubuntu Linux 2019-10-09 4.0
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
CVE-2018-5381 3 Quagga, Canonical, Debian 3 Quagga, Ubuntu Linux, Debian Linux 2019-10-09 5.0
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a...
CVE-2018-5380 3 Quagga, Debian, Canonical 3 Quagga, Debian Linux, Ubuntu Linux 2019-10-09 4.0
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
CVE-2018-5378 3 Quagga, Debian, Canonical 3 Quagga, Debian Linux, Ubuntu Linux 2019-10-09 4.9
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
CVE-2018-1139 3 Samba, Canonical, Redhat 5 Samba, Ubuntu Linux, Enterprise Linux Desktop and 2 more 2019-10-09 4.3
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed...
CVE-2018-1130 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2019-10-09 4.9
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
CVE-2018-1125 3 Canonical, Debian, Procps-ng Project 3 Ubuntu Linux, Debian Linux, Procps-ng 2019-10-09 5.0
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise...
CVE-2018-1123 3 Canonical, Debian, Procps-ng Project 3 Ubuntu Linux, Debian Linux, Procps-ng 2019-10-09 5.0
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash...
CVE-2018-1100 3 Zsh, Canonical, Redhat 5 Zsh, Ubuntu Linux, Enterprise Linux Desktop and 2 more 2019-10-09 7.2
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
CVE-2018-1087 4 Canonical, Debian, Linux and 1 more 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more 2019-10-09 4.6
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov...
CVE-2018-1083 4 Zsh, Canonical, Debian and 1 more 7 Zsh, Ubuntu Linux, Debian Linux and 4 more 2019-10-09 7.2
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries...
CVE-2018-1058 3 Postgresql, Redhat, Canonical 3 Postgresql, Cloudforms, Ubuntu Linux 2019-10-09 6.5
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through...