cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
Max CVSS
6.4
EPSS Score
0.04%
Published
2023-12-12
Updated
2023-12-18

CVE-2021-3493

Known exploited
Public exploit
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Max CVSS
8.8
EPSS Score
0.59%
Published
2021-04-17
Updated
2023-07-07
CISA KEV Added
2022-10-20
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-04-17
Updated
2021-05-21
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
Max CVSS
7.2
EPSS Score
0.31%
Published
2020-09-27
Updated
2023-05-24
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
Max CVSS
7.8
EPSS Score
0.05%
Published
2020-08-20
Updated
2023-11-22
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Max CVSS
7.8
EPSS Score
0.05%
Published
2020-08-20
Updated
2022-12-03
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
Max CVSS
5.9
EPSS Score
0.24%
Published
2020-06-21
Updated
2023-02-27
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
Max CVSS
6.7
EPSS Score
0.05%
Published
2020-08-05
Updated
2022-11-29
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.
Max CVSS
7.5
EPSS Score
1.52%
Published
2020-07-06
Updated
2022-04-28
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Max CVSS
5.8
EPSS Score
0.15%
Published
2020-06-15
Updated
2023-03-01
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
Max CVSS
5.9
EPSS Score
0.32%
Published
2020-06-15
Updated
2022-04-27
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
Max CVSS
7.5
EPSS Score
0.16%
Published
2020-05-21
Updated
2022-04-27
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
Max CVSS
8.2
EPSS Score
0.23%
Published
2020-05-21
Updated
2022-04-26
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
Max CVSS
9.1
EPSS Score
0.19%
Published
2020-05-21
Updated
2023-01-27
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-05-09
Updated
2023-01-27
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Max CVSS
7.8
EPSS Score
0.11%
Published
2020-05-09
Updated
2023-09-25
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
Max CVSS
7.5
EPSS Score
8.43%
Published
2020-04-28
Updated
2022-04-29
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-06-08
Updated
2023-06-12
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
Max CVSS
8.8
EPSS Score
0.42%
Published
2020-03-12
Updated
2022-08-12
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
Max CVSS
6.5
EPSS Score
0.43%
Published
2020-08-21
Updated
2021-12-02

CVE-2020-8617

Public exploit
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
Max CVSS
7.5
EPSS Score
97.20%
Published
2020-05-19
Updated
2022-09-09
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Max CVSS
9.8
EPSS Score
12.52%
Published
2020-02-03
Updated
2023-05-05
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Max CVSS
7.1
EPSS Score
0.84%
Published
2020-01-30
Updated
2023-05-24
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
Max CVSS
7.5
EPSS Score
0.60%
Published
2020-01-21
Updated
2022-07-25
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Max CVSS
5.3
EPSS Score
0.45%
Published
2020-10-02
Updated
2021-12-02
312 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!