Vulnerabilities > Canonical > Ubuntu Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-21 CVE-2021-44142 Out-of-bounds Write vulnerability in multiple products
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes.
network
low complexity
samba debian canonical synology fedoraproject redhat CWE-787
critical
9.0
2022-02-18 CVE-2020-25719 Improper Authentication vulnerability in multiple products
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication.
network
low complexity
samba debian fedoraproject canonical redhat CWE-287
critical
9.0
2020-08-17 CVE-2020-1472 Use of Insufficiently Random Values vulnerability in multiple products
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
9.3
2020-08-10 CVE-2020-15659 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0.
network
mozilla opensuse canonical CWE-787
critical
9.3
2020-07-09 CVE-2020-12410 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8.
network
mozilla canonical CWE-787
critical
9.3
2020-07-09 CVE-2020-12417 Incorrect Conversion between Numeric Types vulnerability in multiple products
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash.
network
mozilla canonical opensuse CWE-681
critical
9.3
2020-07-09 CVE-2020-12420 Use After Free vulnerability in multiple products
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash.
network
mozilla canonical opensuse CWE-416
critical
9.3
2020-05-26 CVE-2020-12395 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7.
network
low complexity
mozilla canonical CWE-787
critical
10.0
2020-04-28 CVE-2020-12284 Out-of-bounds Write vulnerability in multiple products
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
network
low complexity
ffmpeg canonical debian CWE-787
critical
10.0
2020-01-29 CVE-2020-7247 Improper Handling of Exceptional Conditions vulnerability in multiple products
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field.
network
low complexity
openbsd debian fedoraproject canonical CWE-755
critical
10.0