Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-01-21 | CVE-2016-0466 | Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. | Ubuntu_linux, Jdk, Jre | N/A | ||
| 2016-01-21 | CVE-2016-0483 | Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. | Ubuntu_linux, Jdk, Jre, Jrockit | N/A | ||
| 2016-01-21 | CVE-2016-0494 | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | Ubuntu_linux, Jdk, Jre | N/A | ||
| 2018-04-19 | CVE-2018-2800 | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or... | Ubuntu_linux, Debian_linux, Xp7_command_view, Jdk, Jre, Jrockit, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Struxureware_data_center_expert | 4.2 | ||
| 2020-06-27 | CVE-2020-15358 | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | Icloud, Ipados, Iphone_os, Macos, Tvos, Watchos, Ubuntu_linux, Communications_cloud_native_core_policy, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql, Outside_in_technology, Sinec_infrastructure_network_services, Sqlite | 5.5 | ||
| 2019-09-17 | CVE-2019-16394 | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | Ubuntu_linux, Debian_linux, Spip | 5.3 | ||
| 2019-12-17 | CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | Ubuntu_linux, Debian_linux, Spip | 6.5 | ||
| 2020-04-30 | CVE-2020-11652 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. | Workspaces_server, Ubuntu_linux, Debian_linux, Leap, Salt, Application_remote_collector | 6.5 | ||
| 2020-05-09 | CVE-2020-12769 | An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | Ubuntu_linux, Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap | 5.5 | ||
| 2020-07-09 | CVE-2020-12405 | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 5.3 |