Ubuntu_linux - Vulncode-DB

Date	Id	Summary	Products	Score
2018-10-26	CVE-2018-15688	A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.	Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Systemd	8.8
2019-01-09	CVE-2018-20679	An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.	Busybox, Ubuntu_linux	7.5
2019-01-09	CVE-2019-5747	An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.	Busybox, Ubuntu_linux	7.5
2019-06-19	CVE-2019-12900	BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.	Bzip2, Ubuntu_linux, Debian_linux, Freebsd, Leap, Python	9.8
2020-01-21	CVE-2019-20386	An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.	Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Steelstore_cloud_integrated_storage, Leap, Systemd	2.4
2024-01-08	CVE-2022-3328	Race condition in snap-confine's must_mkdir_and_open_with_perms()	Snapd, Ubuntu_linux	7.0
2019-06-24	CVE-2018-20843	In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).	Ubuntu_linux, Debian_linux, Fedora, Libexpat, Leap, Hospitality_res_3700, Http_server, Outside_in_technology, Nessus	7.5
2020-05-09	CVE-2020-12762	json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.	Ubuntu_linux, Debian_linux, Fedora, Json\-C, Sinec_ins	7.8
2019-09-24	CVE-2019-5094	An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.	Ubuntu_linux, Debian_linux, E2fsprogs, Fedora, Hci_management_node, Solidfire	7.5
2020-07-15	CVE-2020-14581	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to...	Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_backup, Cloud_secure_agent, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Steelstore_cloud_integrated_storage, Storagegrid, Leap, Jdk, Jre, Openjdk	N/A

Product: Ubuntu_linux (Canonical)

Product:
Ubuntu_linux
(Canonical)