Filtered by vendor Canonical
Subscribe
Total
4202 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11803 | 2 Apache, Canonical | 2 Subversion, Ubuntu Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. | |||||
CVE-2018-12369 | 2 Canonical, Mozilla | 3 Ubuntu Linux, Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61. | |||||
CVE-2018-5733 | 4 Canonical, Debian, Isc and 1 more | 8 Ubuntu Linux, Debian Linux, Dhcp and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. | |||||
CVE-2017-18344 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). | |||||
CVE-2018-10873 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 8 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. | |||||
CVE-2018-18314 | 5 Canonical, Debian, Netapp and 2 more | 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
CVE-2018-12375 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62. | |||||
CVE-2018-10880 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. | |||||
CVE-2018-12376 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | |||||
CVE-2018-17407 | 3 Canonical, Debian, Tug | 3 Ubuntu Linux, Debian Linux, Tex Live | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. | |||||
CVE-2019-6111 | 10 Apache, Canonical, Debian and 7 more | 27 Mina Sshd, Ubuntu Linux, Debian Linux and 24 more | 2024-02-28 | 5.8 MEDIUM | 5.9 MEDIUM |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | |||||
CVE-2018-14359 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. | |||||
CVE-2019-3463 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | |||||
CVE-2018-4208 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | |||||
CVE-2018-12392 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
CVE-2018-12389 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox Esr and 7 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. | |||||
CVE-2018-14734 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). | |||||
CVE-2018-14434 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. | |||||
CVE-2018-16402 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. | |||||
CVE-2018-15863 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. |