Filtered by vendor Canonical
Subscribe
Total
4202 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3144 | 4 Canonical, Debian, Isc and 1 more | 9 Ubuntu Linux, Debian Linux, Dhcp and 6 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. | |||||
| CVE-2019-8980 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. | |||||
| CVE-2018-10881 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | |||||
| CVE-2018-16276 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. | |||||
| CVE-2018-14622 | 4 Canonical, Debian, Libtirpc Project and 1 more | 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. | |||||
| CVE-2018-19535 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. | |||||
| CVE-2018-12405 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2019-7582 | 2 Canonical, Libming | 2 Ubuntu Linux, Libming | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure. | |||||
| CVE-2018-0501 | 2 Canonical, Debian | 2 Ubuntu Linux, Advanced Package Tool | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. | |||||
| CVE-2018-3284 | 4 Canonical, Mariadb, Netapp and 1 more | 7 Ubuntu Linux, Mariadb, Active Iq Unified Manager and 4 more | 2024-02-28 | 3.5 LOW | 4.4 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-10878 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. | |||||
| CVE-2018-16750 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. | |||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | |||||
| CVE-2018-18506 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. | |||||
| CVE-2018-3071 | 3 Canonical, Netapp, Oracle | 6 Ubuntu Linux, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-16880 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. | |||||
| CVE-2018-16645 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. | |||||
| CVE-2018-2767 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2024-02-28 | 3.5 LOW | 3.1 LOW |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-15856 | 2 Canonical, Xkbcommon | 2 Ubuntu Linux, Xkbcommon | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | |||||
| CVE-2018-16542 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. | |||||