Canonical Ubuntu Linux — known CVE vulnerabilities
Every CVE whose affected-product data names Canonical Ubuntu Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2017-16845 — CVSS 10.0 (critical): hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2015-2806 — CVSS 10.0 (critical): Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown…
CVE-2007-0063 — CVSS 10.0 (critical): Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before…
CVE-2015-2740 — CVSS 10.0 (critical): Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2007-0061 — CVSS 10.0 (critical): The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and…
CVE-2014-0474 — CVSS 10.0 (critical): The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6…
CVE-2015-2739 — CVSS 10.0 (critical): The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird…
CVE-2012-1166 — CVSS 10.0 (critical): The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via…
CVE-2015-4473 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote…
CVE-2007-2442 — CVSS 10.0 (critical): The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute…
CVE-2015-4477 — CVSS 10.0 (critical): Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute…
CVE-2014-0457 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows…
CVE-2012-0444 — CVSS 10.0 (critical): Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly…
CVE-2015-2738 — CVSS 10.0 (critical): The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-4474 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of…
CVE-2015-0408 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and…
CVE-2015-2737 — CVSS 10.0 (critical): The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and…
CVE-2004-1064 — CVSS 10.0 (critical): The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function…
CVE-2014-6601 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and…
CVE-2008-3529 — CVSS 10.0 (critical): Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers…
CVE-2010-3116 — CVSS 10.0 (critical): Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before…
CVE-2014-1488 — CVSS 10.0 (critical): The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code…
CVE-2010-3114 — CVSS 10.0 (critical): The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before…
CVE-2013-0767 — CVSS 10.0 (critical): The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1…
CVE-2015-4485 — CVSS 10.0 (critical): Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2…
CVE-2010-3113 — CVSS 10.0 (critical): Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to…
CVE-2010-2495 — CVSS 10.0 (critical): The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly…
CVE-2004-1018 — CVSS 10.0 (critical): Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or…
CVE-2008-2662 — CVSS 10.0 (critical): Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230…
CVE-2010-0159 — CVSS 10.0 (critical): The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3…
CVE-2018-18505 — CVSS 10.0 (critical): An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC…
CVE-2015-2734 — CVSS 10.0 (critical): The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x…
CVE-2015-1421 — CVSS 10.0 (critical): Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote…
CVE-2016-0494 — CVSS 10.0 (critical): Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65…
CVE-2008-2663 — CVSS 10.0 (critical): Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and…
CVE-2009-0846 — CVSS 10.0 (critical): The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5)…
CVE-2016-0483 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to…
CVE-2004-1063 — CVSS 10.0 (critical): PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass…
CVE-2005-2700 — CVSS 10.0 (critical): ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not…
CVE-2015-3408 — CVSS 10.0 (critical): Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not…
CVE-2008-5500 — CVSS 10.0 (critical): The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before…
CVE-2008-5018 — CVSS 10.0 (critical): The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x…
CVE-2015-2724 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before…
CVE-2008-5017 — CVSS 10.0 (critical): Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18…
CVE-2008-5014 — CVSS 10.0 (critical): jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before…
CVE-2020-13753 — CVSS 10.0 (critical): The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI…
CVE-2014-0456 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect…
CVE-2015-8104 — CVSS 10.0 (critical): The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host…
CVE-2012-5835 — CVSS 10.0 (critical): Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0…
CVE-2014-0429 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote…
CVE-2023-1523 — CVSS 10.0 (critical): Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it…
CVE-2014-0247 — CVSS 10.0 (critical): LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to…
CVE-2012-5144 — CVSS 10.0 (critical): Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows…
CVE-2012-4218 — CVSS 10.0 (critical): Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before…
CVE-2013-5842 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded…
CVE-2013-5830 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and…
CVE-2014-2421 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to…
CVE-2014-2523 — CVSS 10.0 (critical): net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote…
CVE-2012-4212 — CVSS 10.0 (critical): Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey…
CVE-2012-3983 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before…
CVE-2012-3968 — CVSS 10.0 (critical): Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before…
CVE-2012-3963 — CVSS 10.0 (critical): Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2015-4486 — CVSS 10.0 (critical): The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to…
CVE-2013-5829 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded…
CVE-2012-3961 — CVSS 10.0 (critical): Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird…
CVE-2012-3960 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2008-4061 — CVSS 10.0 (critical): Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and…
CVE-2012-3959 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2014-1528 — CVSS 10.0 (critical): The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote…
CVE-2012-3957 — CVSS 10.0 (critical): Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2008-4062 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey…
CVE-2014-1512 — CVSS 10.0 (critical): Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4…
CVE-2013-5610 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers…
CVE-2014-1478 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers…
CVE-2012-3956 — CVSS 10.0 (critical): Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-1976 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-1975 — CVSS 10.0 (critical): Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-1974 — CVSS 10.0 (critical): Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2015-4479 — CVSS 10.0 (critical): Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to…
CVE-2012-1973 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before…
CVE-2012-1972 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x…
CVE-2012-1970 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird…
CVE-2007-0956 — CVSS 10.0 (critical): The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username…
CVE-2015-0240 — CVSS 10.0 (critical): The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x…
CVE-2014-1532 — CVSS 9.8 (critical): Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0…
CVE-2018-1000140 — CVSS 9.8 (critical): rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that…
CVE-2018-1000802 — CVSS 9.8 (critical): Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command…
CVE-2018-1000517 — CVSS 9.8 (critical): BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in…
CVE-2018-1000300 — CVSS 9.8 (critical): curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and…
CVE-2020-15900 — CVSS 9.8 (critical): A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of…
CVE-2019-18609 — CVSS 9.8 (critical): An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap…
CVE-2019-16746 — CVSS 9.8 (critical): An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in…
CVE-2019-16378 — CVSS 9.8 (critical): OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which…
CVE-2019-16239 — CVSS 9.8 (critical): process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted…
CVE-2019-15505 — CVSS 9.8 (critical): drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic…
CVE-2019-15504 — CVSS 9.8 (critical): drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be…
CVE-2019-5477 — CVSS 9.8 (critical): A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open`…
CVE-2019-3822 — CVSS 9.8 (critical): libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM…
CVE-2019-14901 — CVSS 9.8 (critical): A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The…
CVE-2019-14897 — CVSS 9.8 (critical): A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to…
CVE-2019-3464 — CVSS 9.8 (critical): Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that…
CVE-2019-3463 — CVSS 9.8 (critical): Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict…
CVE-2019-14896 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote…
CVE-2019-14895 — CVSS 9.8 (critical): A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver…
CVE-2020-12395 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed…
CVE-2020-12284 — CVSS 9.8 (critical): cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling…
CVE-2019-13962 — CVSS 9.8 (critical): lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it…
CVE-2015-3166 — CVSS 9.8 (critical): The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before…
CVE-2019-19330 — CVSS 9.8 (critical): The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF…
CVE-2015-7545 — CVSS 9.8 (critical): The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and…
CVE-2019-17361 — CVSS 9.8 (critical): In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an…
CVE-2019-19844 — CVSS 9.8 (critical): Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to…
CVE-2019-13224 — CVSS 9.8 (critical): A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial…
CVE-2019-13132 — CVSS 9.8 (critical): In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq…
CVE-2019-19948 — CVSS 9.8 (critical): In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVE-2019-12900 — CVSS 9.8 (critical): BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2019-12526 — CVSS 9.8 (critical): An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data…
CVE-2019-12525 — CVSS 9.8 (critical): An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses…
CVE-2019-12524 — CVSS 9.8 (critical): An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be…
CVE-2019-12519 — CVSS 9.8 (critical): An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This…
CVE-2019-12450 — CVSS 9.8 (critical): file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is…
CVE-2019-20788 — CVSS 9.8 (critical): libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large…
CVE-2019-11683 — CVSS 9.8 (critical): udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of…
CVE-2020-11945 — CVSS 9.8 (critical): An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to…
CVE-2019-11356 — CVSS 9.8 (critical): The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code…
CVE-2019-11235 — CVSS 9.8 (critical): FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group…
CVE-2019-11234 — CVSS 9.8 (critical): FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to…
CVE-2019-11068 — CVSS 9.8 (critical): libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon…
CVE-2015-8768 — CVSS 9.8 (critical): click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers…
CVE-2019-10269 — CVSS 9.8 (critical): BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long…
CVE-2019-10160 — CVSS 9.8 (critical): A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions…
CVE-2015-8778 — CVSS 9.8 (critical): Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service…
CVE-2019-10126 — CVSS 9.8 (critical): A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mw…
CVE-2019-1010238 — CVSS 9.8 (critical): Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code…
CVE-2015-8779 — CVSS 9.8 (critical): Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent…
CVE-2015-8803 — CVSS 9.8 (critical): The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its…
CVE-2015-8804 — CVSS 9.8 (critical): x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation…
CVE-2015-8805 — CVSS 9.8 (critical): The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its…
CVE-2015-8812 — CVSS 9.8 (critical): drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote…
CVE-2015-9262 — CVSS 9.8 (critical): _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code…
CVE-2018-8788 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory…
CVE-2018-8787 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function…
CVE-2018-8786 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function…
CVE-2018-8785 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption…
CVE-2018-8784 — CVSS 9.8 (critical): FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory…
CVE-2019-17266 — CVSS 9.8 (critical): libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does…
CVE-2018-8014 — CVSS 9.8 (critical): The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to…
CVE-2018-8013 — CVSS 9.8 (critical): In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the…
CVE-2019-6978 — CVSS 9.8 (critical): The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE…
CVE-2016-0705 — CVSS 9.8 (critical): Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g…
CVE-2018-7584 — CVSS 9.8 (critical): In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while…
CVE-2018-7548 — CVSS 9.8 (critical): In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
CVE-2022-1736 — CVSS 9.8 (critical): Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
CVE-2016-0718 — CVSS 9.8 (critical): Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input…
CVE-2018-7225 — CVSS 9.8 (critical): An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length…
CVE-2016-0746 — CVSS 9.8 (critical): Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a…
CVE-2018-7183 — CVSS 9.8 (critical): Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by…
CVE-2018-7054 — CVSS 9.8 (critical): An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during…
CVE-2018-7053 — CVSS 9.8 (critical): An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an…
CVE-2016-10714 — CVSS 9.8 (critical): In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
CVE-2016-10727 — CVSS 9.8 (critical): camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data…
CVE-2018-6913 — CVSS 9.8 (critical): Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a…
CVE-2018-6871 — CVSS 9.8 (critical): LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which…
CVE-2018-6797 — CVSS 9.8 (critical): An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over…
CVE-2009-3555 — CVSS 9.8 (critical): The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in…
CVE-2016-1578 — CVSS 9.8 (critical): Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code…
CVE-2009-4013 — CVSS 9.8 (critical): Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote…
CVE-2016-1659 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have…
CVE-2010-1205 — CVSS 9.8 (critical): Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote…
CVE-2018-5188 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and…
CVE-2018-5187 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2018-5186 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
CVE-2018-5183 — CVSS 9.8 (critical): Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer…
CVE-2019-7304 — CVSS 9.8 (critical): Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as…
CVE-2018-5159 — CVSS 9.8 (critical): An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in…
CVE-2018-5156 — CVSS 9.8 (critical): A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result…
CVE-2018-5155 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially…
CVE-2018-5154 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially…
CVE-2018-5151 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2018-5150 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory…
CVE-2018-5148 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a…
CVE-2018-5145 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough…
CVE-2010-2941 — CVSS 9.8 (critical): ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which…
CVE-2018-5128 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in…
CVE-2018-5126 — CVSS 9.8 (critical): Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough…
CVE-2016-2090 — CVSS 9.8 (critical): Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors…
CVE-2018-5122 — CVSS 9.8 (critical): A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result…