Skip to main content

Canonical

250 CVEs vendor

Monthly

CVE-2024-23983 MEDIUM This Month

Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Canonical
NVD
CVSS 4.0
5.8
EPSS
0.4%
CVE-2024-50226 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption Denial Of Service Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50118 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Debian Denial Of Service Linux Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50102 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Canonical Amd Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-49953 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-49868 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Canonical Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-49863 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Debian Denial Of Service Linux Null Pointer Dereference +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-47707 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev being. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-46788 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Use a cpumask to know what threads are kthreads The start_kthread() and stop_thread() code was not always called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Debian Denial Of Service Linux Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-45612 PHP MEDIUM PATCH This Month

Contao is an Open Source CMS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Canonical Contao
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-44939 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Google Canonical Denial Of Service Linux Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-44935 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-45234 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Canonical Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-43846 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Canonical Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-42083 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-buffer handling Currently, the ionic_run_xdp() doesn't handle multi-buffer packets properly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-40962 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes Shin'ichiro reported that when he's running fstests' test-case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-40961 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40960 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40959 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-40905 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from() [1] If compiler reads more than. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference Denial Of Service Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-36270 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-36902 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-36901 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Google Canonical Denial Of Service Linux Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-36008 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Debian Null Pointer Dereference Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-35949 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Canonical Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35931 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why: The PCI error slot reset maybe triggered after inject ue to UMC. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Microsoft Code Injection Linux Ubuntu +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35870 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-27062 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Canonical Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-3250 Go MEDIUM PATCH This Month

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Canonical Pebble
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-26793 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26785 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Canonical Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26766 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26754 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption Information Disclosure Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26695 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked The SEV platform device can be shutdown with a null. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Canonical Denial Of Service Linux Linux Kernel +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26674 HIGH PATCH This Week

{get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Canonical Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-26663 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Denial Of Service Linux Linux Kernel +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26282 HIGH This Week

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Canonical Mozilla Firefox
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-44378 Go MEDIUM PATCH This Month

gnark is a zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Canonical Gnark
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36479 Maven LOW POC PATCH Monitor

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available.

Canonical Information Disclosure Jetty Debian Linux
NVD GitHub
CVSS 3.1
3.1
EPSS
1.0%
CVE-2023-40165 HIGH PATCH This Week

rubygems.org is the Ruby community's primary gem (library) hosting service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Canonical Information Disclosure Rubygems Org
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2650 MEDIUM PATCH This Month

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

OpenSSL Canonical Denial Of Service Debian Linux
NVD
CVSS 3.1
6.5
EPSS
75.1%
CVE-2022-24899 PHP MEDIUM POC PATCH This Month

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Canonical XSS Contao
NVD GitHub
CVSS 3.1
6.1
EPSS
4.4%
CVE-2021-41272 HIGH PATCH This Week

Besu is an Ethereum client written in Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Canonical Information Disclosure Besu
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-39137 Go HIGH PATCH This Week

go-ethereum is the official Go implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Information Disclosure Go Ethereum
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-26265 Go MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-29573 HIGH PATCH This Week

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Canonical Glibc Enterprise Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-26241 Go HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-17029 MEDIUM PATCH This Month

Windows Canonical Display Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Canonical Windows 10 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-25032 PyPI HIGH PATCH This Week

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Python Path Traversal Flask Cors Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-14966 npm HIGH POC PATCH This Week

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jwt Attack Canonical Jsrsasign +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-13822 npm HIGH POC PATCH This Week

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Canonical Buffer Overflow Integer Overflow Elliptic
NVD GitHub
CVSS 3.1
7.7
EPSS
2.6%
CVE-2020-10029 MEDIUM POC This Month

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Canonical Glibc Fedora +9
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-18978 Ruby MEDIUM PATCH This Month

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Canonical Rack Cors Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2019-12749 HIGH This Week

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Canonical Dbus Ubuntu Linux
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2019-7304 CRITICAL POC THREAT Act Now

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Canonical Snapd Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
61.1%
CVE-2019-7303 HIGH POC This Week

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Canonical Information Disclosure Snapd Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
3.7%
CVE-2018-19965 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the. Rated medium severity (CVSS 5.6).

Denial Of Service Canonical Xen Xenserver Debian Linux
NVD
CVSS 3.0
5.6
EPSS
0.4%
CVE-2017-7725 PHP MEDIUM POC This Month

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Canonical Concrete Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.6%
CVE-2016-9385 MEDIUM PATCH This Month

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Canonical Xen Xenserver
NVD VulDB
CVSS 3.0
6.0
EPSS
0.1%
CVE-2016-5189 MEDIUM This Month

Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Canonical Google Authentication Bypass Chrome
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-2672 MEDIUM PATCH This Month

The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-2271 MEDIUM PATCH This Month

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Intel Denial Of Service Xen
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-1571 MEDIUM This Month

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Canonical Denial Of Service Xenserver Xen
NVD
CVSS 3.0
6.3
EPSS
0.3%
CVE-2015-3332 MEDIUM This Month

A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash). Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Canonical Denial Of Service Google Linux Debian Linux +2
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-1322 MEDIUM This Month

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Canonical Ubuntu Ubuntu Linux Network Manager
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-3610 MEDIUM POC PATCH This Month

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Canonical Denial Of Service Linux Linux Kernel Ubuntu Linux +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-4699 MEDIUM POC PATCH This Month

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows. Rated medium severity (CVSS 6.9). Public exploit code available.

Canonical Race Condition Denial Of Service Intel Linux +3
NVD Exploit-DB GitHub
CVSS 2.0
6.9
EPSS
1.1%
CVE-2013-4558 LOW PATCH Monitor

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Apache Canonical Mod Dav Svn Subversion
NVD GitHub
CVSS 2.0
3.5
EPSS
1.8%
CVE-2012-2934 LOW PATCH Monitor

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service. Rated low severity (CVSS 1.9).

Denial Of Service Canonical Amd Xen
NVD
CVSS 2.0
1.9
EPSS
0.2%
CVE-2012-0217 HIGH POC THREAT Act Now

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%.

Citrix Intel Buffer Overflow Oracle Canonical +12
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
88.0%
Threat
5.6
EPSS 0% CVSS 5.8
MEDIUM This Month

Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Canonical
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Debian Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Canonical Amd +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Denial Of Service Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Canonical Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Debian Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev being. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Use a cpumask to know what threads are kthreads The start_kthread() and stop_thread() code was not always called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Debian Denial Of Service +3
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Contao is an Open Source CMS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Canonical Contao
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Google Canonical Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Canonical Fort Validator
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Canonical Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-buffer handling Currently, the ionic_run_xdp() doesn't handle multi-buffer packets properly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes Shin'ichiro reported that when he's running fstests' test-case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from() [1] If compiler reads more than. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Google Null Pointer Dereference +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Google Canonical Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Canonical Debian Null Pointer Dereference +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Canonical +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why: The PCI error slot reset maybe triggered after inject ue to UMC. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Microsoft Code Injection +3
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Canonical +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Canonical Pebble
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Canonical Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Denial Of Service Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked The SEV platform device can be shutdown with a null. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Canonical Denial Of Service +3
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

{get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Canonical +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Denial Of Service +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Canonical +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

gnark is a zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Canonical +1
NVD GitHub
EPSS 1% CVSS 3.1
LOW POC PATCH Monitor

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available.

Canonical Information Disclosure Jetty +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

rubygems.org is the Ruby community's primary gem (library) hosting service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Canonical Information Disclosure Rubygems Org
NVD GitHub
EPSS 75% CVSS 6.5
MEDIUM PATCH This Month

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

OpenSSL Canonical Denial Of Service +1
NVD
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Canonical XSS Contao
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Besu is an Ethereum client written in Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Canonical Information Disclosure Besu
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

go-ethereum is the official Go implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Information Disclosure Go Ethereum
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Canonical +4
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Canonical Go Ethereum
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Windows Canonical Display Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Canonical +8
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Python Path Traversal +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Buffer Overflow Jwt Attack +3
NVD GitHub VulDB
EPSS 3% CVSS 7.7
HIGH POC PATCH This Week

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Canonical Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Canonical +11
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Canonical Rack Cors +2
NVD GitHub
EPSS 1% CVSS 7.1
HIGH This Week

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Canonical +2
NVD
EPSS 61% CVSS 9.8
CRITICAL POC THREAT Act Now

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Canonical Snapd +1
NVD Exploit-DB
EPSS 4% CVSS 7.5
HIGH POC This Week

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Canonical Information Disclosure +2
NVD Exploit-DB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the. Rated medium severity (CVSS 5.6).

Denial Of Service Canonical Xen +2
NVD
EPSS 4% CVSS 6.1
MEDIUM POC This Month

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Canonical Concrete Cms
NVD Exploit-DB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Canonical Xen +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Canonical Google +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Denial Of Service Linux +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Intel Denial Of Service +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Canonical Denial Of Service Xenserver +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash). Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Canonical Denial Of Service Google +4
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Canonical Ubuntu +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Canonical Denial Of Service Linux +5
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM POC PATCH This Month

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows. Rated medium severity (CVSS 6.9). Public exploit code available.

Canonical Race Condition Denial Of Service +5
NVD Exploit-DB GitHub
EPSS 2% CVSS 3.5
LOW PATCH Monitor

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Apache Canonical +2
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service. Rated low severity (CVSS 1.9).

Denial Of Service Canonical Amd +1
NVD
EPSS 88% 5.6 CVSS 7.2
HIGH POC THREAT Act Now

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%.

Citrix Intel Buffer Overflow +14
NVD Exploit-DB
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy