Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-26 | CVE-2019-16869 | Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | Ubuntu_linux, Debian_linux, Netty, Jboss_enterprise_application_platform | 7.5 | ||
| 2009-08-06 | CVE-2009-2625 | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | Xerces2_java, Ubuntu_linux, Debian_linux, Fedora, Opensuse, Jdk, Primavera_p6_enterprise_project_portfolio_management, Primavera_web_services, Linux_enterprise_server | N/A | ||
| 2013-07-23 | CVE-2013-4002 | XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related... | Xerces2_java, Ubuntu_linux, Host_on\-Demand, Java, Sterling_b2b_integrator, Sterling_file_gateway, Tivoli_application_dependency_discovery_manager, Opensuse, Jdk, Jre, Jrockit, Linux_enterprise_desktop, Linux_enterprise_java, Linux_enterprise_sdk, Linux_enterprise_server | N/A | ||
| 2016-02-15 | CVE-2016-0742 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. | Ubuntu_linux, Debian_linux, Nginx, Leap | 7.5 | ||
| 2016-02-15 | CVE-2016-0746 | Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. | Ubuntu_linux, Debian_linux, Nginx, Leap | 9.8 | ||
| 2016-02-15 | CVE-2016-0747 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. | Ubuntu_linux, Debian_linux, Nginx, Leap | 5.3 | ||
| 2018-11-07 | CVE-2018-16843 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | Ubuntu_linux, Debian_linux, Nginx, Leap | 7.5 | ||
| 2018-11-07 | CVE-2018-16844 | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | Ubuntu_linux, Debian_linux, Nginx | 7.5 | ||
| 2018-11-07 | CVE-2018-16845 | nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an... | Ubuntu_linux, Debian_linux, Nginx, Leap | 6.1 | ||
| 2020-05-13 | CVE-2020-3327 | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | Ubuntu_linux, Clam_antivirus, Debian_linux, Fedora | 7.5 |