Vulnerabilities (CVE)

Vendor filter

Canonical Subscribe

Product filter

Ubuntu Linux Subscribe

Filter

2059 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11035 3 Php, Canonical, Netapp 3 Php, Ubuntu Linux, Storage Automation Store 2019-05-25 6.4
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVE-2019-11034 3 Php, Canonical, Netapp 3 Php, Ubuntu Linux, Storage Automation Store 2019-05-25 6.4
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-7317 3 Libpng, Canonical, Debian 3 Libpng, Ubuntu Linux, Debian Linux 2019-05-25 2.6
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-2627 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-05-23 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows...
CVE-2019-2614 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-05-23 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high...
CVE-2019-2422 6 Oracle, Netapp, Canonical and 3 more 15 Jdk, Jre, Oncommand Unified Manager and 12 more 2019-05-23 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2018-3639 9 Arm, Intel, Mitel and 6 more 50 Cortex-a, Atom C, Atom E and 47 more 2019-05-23 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user...
CVE-2018-11212 7 Ijg, Netapp, Oracle and 4 more 13 Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 10 more 2019-05-23 4.3
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2007-1864 4 Php, Canonical, Debian and 1 more 5 Php, Ubuntu Linux, Debian Linux and 2 more 2019-05-22 7.5
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
CVE-2016-10712 2 Php, Canonical 2 Php, Ubuntu Linux 2019-05-22 5.0
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri =...
CVE-2018-14647 4 Python, Canonical, Debian and 1 more 4 Python, Ubuntu Linux, Debian Linux and 1 more 2019-05-22 5.0
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash...
CVE-2018-1061 5 Python, Debian, Redhat and 2 more 8 Python, Debian Linux, Ansible Tower and 5 more 2019-05-22 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-1060 5 Python, Redhat, Canonical and 2 more 8 Python, Ansible Tower, Ubuntu Linux and 5 more 2019-05-22 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2019-11498 2 Wavpack, Canonical 2 Wavpack, Ubuntu Linux 2019-05-22 4.3
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF...
CVE-2019-11068 3 Xmlsoft, Canonical, Debian 3 Libxslt, Ubuntu Linux, Debian Linux 2019-05-22 7.5
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and...
CVE-2018-12020 4 Gnupg, Canonical, Debian and 1 more 10 Gnupg, Ubuntu, Ubuntu Linux and 7 more 2019-05-22 5.0
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2"...
CVE-2019-1559 7 Openssl, Canonical, Debian and 4 more 18 Openssl, Ubuntu Linux, Debian Linux and 15 more 2019-05-22 4.3
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with...
CVE-2019-2537 4 Oracle, Netapp, Canonical and 1 more 6 Mysql, Oncommand Workflow Automation, Snapcenter and 3 more 2019-05-21 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged...
CVE-2019-2455 3 Oracle, Netapp, Canonical 5 Mysql, Oncommand Workflow Automation, Snapcenter and 2 more 2019-05-21 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged...
CVE-2018-3284 3 Oracle, Netapp, Canonical 6 Mysql, Oncommand Insight, Oncommand Workflow Automation and 3 more 2019-05-21 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...