Filtered by vendor Canonical
Subscribe
Total
4203 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6634 | 3 Canonical, Microsoft, Parsecgaming | 3 Ubuntu Linux, Windows, Parsec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account. | |||||
| CVE-2018-6616 | 4 Canonical, Debian, Oracle and 1 more | 4 Ubuntu Linux, Debian Linux, Georaster and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | |||||
| CVE-2018-6594 | 3 Canonical, Debian, Dlitz | 3 Ubuntu Linux, Debian Linux, Pycrypto | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. | |||||
| CVE-2018-6559 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace. | |||||
| CVE-2018-6557 | 2 Base-files Project, Canonical | 2 Base-files, Ubuntu Linux | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. | |||||
| CVE-2018-6556 | 4 Canonical, Linuxcontainers, Opensuse and 1 more | 6 Ubuntu Linux, Lxc, Leap and 3 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. | |||||
| CVE-2018-6555 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | |||||
| CVE-2018-6554 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. | |||||
| CVE-2018-6553 | 3 Canonical, Cups, Debian | 3 Ubuntu Linux, Cups, Debian Linux | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. | |||||
| CVE-2018-6552 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28. | |||||
| CVE-2018-6541 | 2 Canonical, Zziplib Project | 2 Ubuntu Linux, Zziplib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2018-6540 | 2 Canonical, Zziplib Project | 2 Ubuntu Linux, Zziplib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2018-6484 | 2 Canonical, Zziplib Project | 2 Ubuntu Linux, Zziplib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2018-6405 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. | |||||
| CVE-2018-6381 | 2 Canonical, Zziplib Project | 2 Ubuntu Linux, Zziplib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. | |||||
| CVE-2018-6307 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. | |||||
| CVE-2018-6198 | 2 Canonical, Tats | 2 Ubuntu Linux, W3m | 2024-11-21 | 3.3 LOW | 4.7 MEDIUM |
| w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | |||||
| CVE-2018-6197 | 2 Canonical, Tats | 2 Ubuntu Linux, W3m | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | |||||
| CVE-2018-6196 | 2 Canonical, Tats | 2 Ubuntu Linux, W3m | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | |||||
| CVE-2018-6188 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. | |||||