Vulnerabilities (CVE)

Vendor filter

Canonical Subscribe

Filter

2168 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1000030 2 Python, Canonical 2 Python, Ubuntu Linux 2019-10-09 6.8
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed....
CVE-2017-7526 3 Gnupg, Canonical, Debian 3 Libgcrypt, Ubuntu Linux, Debian Linux 2019-10-09 4.3
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on...
CVE-2017-7518 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2019-10-09 4.6
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A...
CVE-2017-3144 4 Isc, Canonical, Debian and 1 more 9 Dhcp, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 5.0
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6....
CVE-2017-2592 2 Openstack, Canonical 2 Oslo.middleware, Ubuntu Linux 2019-10-09 2.1
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to...
CVE-2017-15132 3 Dovecot, Canonical, Debian 3 Dovecot, Ubuntu Linux, Debian Linux 2019-10-09 5.0
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes...
CVE-2017-15119 4 Qemu, Redhat, Canonical and 1 more 4 Qemu, Virtualization, Ubuntu Linux and 1 more 2019-10-09 5.0
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A...
CVE-2017-15118 3 Qemu, Canonical, Redhat 3 Qemu, Ubuntu Linux, Enterprise Linux 2019-10-09 7.5
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds...
CVE-2017-15105 3 Nlnetlabs, Debian, Canonical 3 Unbound, Debian Linux, Ubuntu Linux 2019-10-09 5.0
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound...
CVE-2017-12153 3 Linux, Canonical, Debian 3 Linux Kernel, Ubuntu Linux, Debian Linux 2019-10-09 4.9
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can...
CVE-2017-0903 4 Rubygems, Canonical, Debian and 1 more 9 Rubygems, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 7.5
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to...
CVE-2017-0902 4 Rubygems, Canonical, Debian and 1 more 9 Rubygems, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 6.8
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
CVE-2017-0901 4 Rubygems, Canonical, Debian and 1 more 9 Rubygems, Ubuntu Linux, Debian Linux and 6 more 2019-10-09 6.4
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CVE-2016-9600 3 Jasper Project, Canonical, Redhat 8 Jasper, Ubuntu Linux, Enterprise Linux Desktop and 5 more 2019-10-09 4.3
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
CVE-2016-9597 6 Hp, Xmlsoft, Canonical and 3 more 7 Icewall Federation Agent, Icewall File Manager, Libxml2 and 4 more 2019-10-09 5.0
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a...
CVE-2016-7056 4 Openssl, Canonical, Debian and 1 more 4 Openssl, Ubuntu Linux, Debian Linux and 1 more 2019-10-09 2.1
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2016-1585 1 Canonical 1 Apparmor 2019-10-09 7.5
In all versions of AppArmor mount rules are accidentally widened when compiled.
CVE-2016-1579 1 Canonical 1 Ubuntu Download Manager 2019-10-09 7.5
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version...
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-10-09 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2015-2301 7 Apple, Php, Canonical and 4 more 12 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 9 more 2019-10-09 7.5
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger...