Vulnerabilities (CVE)

Vendor filter

Canonical Subscribe

Product filter

Ubuntu Linux Subscribe

Filter

2086 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3823 5 Haxx, Canonical, Debian and 2 more 7 Libcurl, Ubuntu Linux, Debian Linux and 4 more 2019-07-23 5.0
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the...
CVE-2018-8013 4 Apache, Canonical, Debian and 1 more 20 Batik, Ubuntu Linux, Debian Linux and 17 more 2019-07-23 7.5
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type...
CVE-2018-5407 7 Nodejs, Openssl, Canonical and 4 more 20 Node.js, Openssl, Ubuntu Linux and 17 more 2019-07-23 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-1305 4 Apache, Debian, Canonical and 1 more 6 Tomcat, Debian Linux, Ubuntu Linux and 3 more 2019-07-23 4.0
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this...
CVE-2018-1304 5 Apache, Redhat, Debian and 2 more 10 Tomcat, Jboss Enterprise Web Server, Debian Linux and 7 more 2019-07-23 4.3
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint...
CVE-2018-17199 5 Apache, Netapp, Debian and 2 more 6 Http Server, Santricity Cloud Connector, Debian Linux and 3 more 2019-07-23 5.0
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the...
CVE-2018-16890 6 Haxx, Canonical, Debian and 3 more 8 Libcurl, Ubuntu Linux, Debian Linux and 5 more 2019-07-23 5.0
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is...
CVE-2018-1000301 5 Haxx, Canonical, Debian and 2 more 8 Curl, Ubuntu Linux, Debian Linux and 5 more 2019-07-23 6.4
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded...
CVE-2018-1000121 5 Haxx, Canonical, Debian and 2 more 8 Curl, Ubuntu Linux, Debian Linux and 5 more 2019-07-23 5.0
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
CVE-2018-0735 6 Netapp, Openssl, Canonical and 3 more 22 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 19 more 2019-07-23 4.3
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in...
CVE-2017-6056 3 Apache, Debian, Canonical 3 Debian Linux, Tomcat, Ubuntu Linux 2019-07-23 5.0
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of...
CVE-2018-14645 3 Haproxy, Redhat, Canonical 5 Haproxy, Openshift, Openshift Container Platform and 2 more 2019-07-23 5.0
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
CVE-2018-8780 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2019-07-21 7.5
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional...
CVE-2018-8779 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2019-07-21 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
CVE-2018-8778 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack...
CVE-2018-8777 4 Ruby-lang, Debian, Canonical and 1 more 4 Ruby, Debian Linux, Ubuntu Linux and 1 more 2019-07-21 5.0
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a...
CVE-2018-6914 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 5.0
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or...
CVE-2018-16396 4 Ruby-lang, Canonical, Debian and 1 more 4 Ruby, Ubuntu Linux, Debian Linux and 1 more 2019-07-21 6.8
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2018-16395 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2019-07-21 7.5
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects...
CVE-2018-18505 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-07-20 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels...