Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Filtered by product Ubuntu Linux
Total 4150 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10903 3 Canonical, Cryptography, Redhat 3 Ubuntu Linux, Python-cryptography, Openstack 2024-02-28 5.0 MEDIUM 7.5 HIGH
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
CVE-2018-20685 9 Canonical, Debian, Fujitsu and 6 more 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more 2024-02-28 2.6 LOW 5.3 MEDIUM
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-0735 6 Canonical, Debian, Netapp and 3 more 23 Ubuntu Linux, Debian Linux, Cloud Backup and 20 more 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
CVE-2018-19787 3 Canonical, Debian, Lxml 3 Ubuntu Linux, Debian Linux, Lxml 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.
CVE-2018-19931 3 Canonical, Gnu, Netapp 3 Ubuntu Linux, Binutils, Vasa Provider 2024-02-28 6.8 MEDIUM 7.8 HIGH
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
CVE-2018-14618 4 Canonical, Debian, Haxx and 1 more 4 Ubuntu Linux, Debian Linux, Libcurl and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
CVE-2018-20191 3 Canonical, Fedoraproject, Qemu 3 Ubuntu Linux, Fedora, Qemu 2024-02-28 5.0 MEDIUM 7.5 HIGH
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
CVE-2018-16867 3 Canonical, Fedoraproject, Qemu 3 Ubuntu Linux, Fedora, Qemu 2024-02-28 4.4 MEDIUM 7.8 HIGH
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
CVE-2018-16846 4 Canonical, Debian, Opensuse and 1 more 6 Ubuntu Linux, Debian Linux, Leap and 3 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
CVE-2018-19407 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
CVE-2018-15862 2 Canonical, Xkbcommon 3 Ubuntu Linux, Libxkbcommon, Xkbcommon 2024-02-28 2.1 LOW 5.5 MEDIUM
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
CVE-2018-16062 5 Canonical, Debian, Elfutils Project and 2 more 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2019-7576 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
CVE-2019-7665 5 Canonical, Debian, Elfutils Project and 2 more 11 Ubuntu Linux, Debian Linux, Elfutils and 8 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
CVE-2018-2952 6 Canonical, Debian, Hp and 3 more 26 Ubuntu Linux, Debian Linux, Xp7 Command View and 23 more 2024-02-28 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-9077 4 Canonical, F5, Gnu and 1 more 4 Ubuntu Linux, Traffix Signaling Delivery Controller, Binutils and 1 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
CVE-2018-20021 3 Canonical, Debian, Libvnc Project 3 Ubuntu Linux, Debian Linux, Libvncserver 2024-02-28 7.8 HIGH 7.5 HIGH
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
CVE-2018-14647 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
CVE-2019-3813 4 Canonical, Debian, Redhat and 1 more 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more 2024-02-28 5.4 MEDIUM 7.5 HIGH
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
CVE-2018-14350 4 Canonical, Debian, Mutt and 1 more 4 Ubuntu Linux, Debian Linux, Mutt and 1 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.