cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
Max CVSS
6.4
EPSS Score
0.04%
Published
2023-12-12
Updated
2023-12-18
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
Max CVSS
6.5
EPSS Score
0.13%
Published
2020-06-17
Updated
2022-03-09
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
Max CVSS
5.5
EPSS Score
0.09%
Published
2020-06-17
Updated
2022-03-09
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
Max CVSS
5.5
EPSS Score
0.09%
Published
2020-06-17
Updated
2022-03-09
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
Max CVSS
5.5
EPSS Score
0.11%
Published
2020-06-17
Updated
2022-03-09
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
Max CVSS
7.5
EPSS Score
0.61%
Published
2020-06-17
Updated
2022-03-10
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
Max CVSS
7.5
EPSS Score
1.09%
Published
2020-06-17
Updated
2022-03-10
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
Max CVSS
7.5
EPSS Score
0.14%
Published
2020-06-17
Updated
2022-03-10
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
Max CVSS
6.5
EPSS Score
1.63%
Published
2019-02-04
Updated
2020-08-24
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
Max CVSS
6.5
EPSS Score
0.33%
Published
2019-02-04
Updated
2019-11-06
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-02-04
Updated
2021-05-28
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
Max CVSS
7.5
EPSS Score
0.97%
Published
2020-06-17
Updated
2022-03-10
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
Max CVSS
7.5
EPSS Score
1.26%
Published
2020-06-17
Updated
2022-03-10
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
Max CVSS
9.8
EPSS Score
0.71%
Published
2020-04-23
Updated
2022-03-10
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Max CVSS
7.5
EPSS Score
1.06%
Published
2019-10-29
Updated
2022-04-05
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
Max CVSS
7.8
EPSS Score
0.23%
Published
2019-07-04
Updated
2023-02-28
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
Max CVSS
9.8
EPSS Score
70.71%
Published
2019-07-10
Updated
2023-02-28
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
Max CVSS
6.5
EPSS Score
0.84%
Published
2019-06-30
Updated
2023-01-13
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
Max CVSS
6.5
EPSS Score
0.27%
Published
2019-06-30
Updated
2023-02-28
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.
Max CVSS
6.5
EPSS Score
0.67%
Published
2019-06-30
Updated
2023-02-28
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.
Max CVSS
6.5
EPSS Score
0.51%
Published
2019-06-30
Updated
2023-02-02
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
Max CVSS
6.1
EPSS Score
0.29%
Published
2019-06-29
Updated
2023-03-13
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.
Max CVSS
7.0
EPSS Score
0.05%
Published
2019-06-25
Updated
2022-04-18
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
Max CVSS
5.3
EPSS Score
0.62%
Published
2019-07-01
Updated
2020-08-24
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
Max CVSS
7.1
EPSS Score
0.05%
Published
2019-06-11
Updated
2020-08-24
421 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!