Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 20 results


CVE-2023-1183

Medium priority
Needs evaluation

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the...

1 affected packages

hsqldb1.8.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hsqldb1.8.0 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-0614

Medium priority

Some fixes available 9 of 15

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

2 affected packages

ldb, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldb Not in release Fixed Fixed Vulnerable Vulnerable
samba Fixed Fixed Fixed Vulnerable Vulnerable
Show less packages

CVE-2022-41853

Medium priority
Needs evaluation

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any...

1 affected packages

hsqldb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
hsqldb Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-32746

Medium priority

Some fixes available 9 of 17

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when...

2 affected packages

ldb, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldb Not in release Fixed Fixed Ignored Needs evaluation
samba Fixed Fixed Fixed Ignored Needs evaluation
Show less packages

CVE-2021-3670

Low priority

Some fixes available 2 of 10

MaxQueryDuration not honoured in Samba AD DC LDAP

2 affected packages

ldb, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldb Not in release Not affected Fixed Vulnerable Needs evaluation
samba Not affected Not affected Fixed Vulnerable Needs evaluation
Show less packages

CVE-2021-43668

Low priority
Needs evaluation

Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal.

1 affected packages

golang-goleveldb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goleveldb Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-20277

High priority
Fixed

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from...

2 affected packages

ldb, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldb Fixed Fixed Fixed
samba Not affected Not affected Not affected
Show less packages

CVE-2020-27840

High priority
Fixed

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The...

2 affected packages

ldb, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldb Fixed Fixed Fixed
samba Not affected Not affected Not affected
Show less packages

CVE-2019-12300

Medium priority

Some fixes available 11 of 14

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login...

1 affected packages

buildbot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
buildbot Fixed Fixed Fixed Vulnerable Not affected
Show less packages

CVE-2019-3824

Medium priority
Fixed

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw...

1 affected packages

ldb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldb Fixed Fixed
Show less packages