Ubuntu Linux@17.10 Security Vulnerabilities and Issues — Page 10 of Ubuntu Linux@17.10 CVE List

Lucene search

CanonicalUbuntu Linux17.10

491 matches found

CVE•added 2017/10/05 7:29 a.m.•64 views

CVE-2017-15033

ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

7.5CVSS8.2AI score0.00257EPSS

CVE•added 2017/12/27 5:8 p.m.•64 views

CVE-2017-17885

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.

6.5CVSS6.5AI score0.0045EPSS

CVE•added 2018/01/12 8:29 p.m.•64 views

CVE-2017-18028

In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.

7.1CVSS6.6AI score0.00625EPSS

CVE•added 2018/03/01 9:29 p.m.•64 views

CVE-2017-18209

In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.

8.8CVSS7AI score0.00389EPSS

CVE•added 2018/04/19 2:29 a.m.•64 views

CVE-2018-2778

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS5AI score0.0038EPSS

CVE•added 2017/09/12 8:29 a.m.•63 views

CVE-2017-14326

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.

6.5CVSS6.5AI score0.00377EPSS

CVE•added 2018/12/07 10:29 p.m.•63 views

CVE-2017-16909

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

8.8CVSS8.4AI score0.00584EPSS

CVE•added 2017/12/27 5:8 p.m.•63 views

CVE-2017-17882

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.

6.5CVSS6.5AI score0.0045EPSS

CVE•added 2018/03/15 7:29 p.m.•63 views

CVE-2017-18236

An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.

5.5CVSS5.7AI score0.00173EPSS

CVE•added 2018/04/19 2:29 a.m.•63 views

CVE-2018-2776

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks ...

4.9CVSS5.1AI score0.0038EPSS

CVE•added 2017/09/12 8:29 a.m.•62 views

CVE-2017-14325

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.

7.1CVSS6.5AI score0.00421EPSS

CVE•added 2018/04/03 6:29 a.m.•62 views

CVE-2017-7161

An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.

8.8CVSS7.2AI score0.00954EPSS

CVE•added 2018/04/19 2:29 a.m.•62 views

CVE-2018-2780

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS5.6AI score0.00494EPSS

CVE•added 2017/09/21 5:29 a.m.•61 views

CVE-2017-14626

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.

9.8CVSS7.5AI score0.01117EPSS

CVE•added 2018/01/05 7:29 p.m.•61 views

CVE-2017-18022

In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

6.5CVSS7.1AI score0.0029EPSS

CVE•added 2018/01/29 5:29 p.m.•61 views

CVE-2018-6381

In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of fi...

6.5CVSS5.7AI score0.00317EPSS

CVE•added 2018/02/09 6:29 a.m.•61 views

CVE-2018-6869

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.01067EPSS

CVE•added 2018/02/02 2:29 p.m.•60 views

CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an...

7.8CVSS7.6AI score0.00109EPSS

CVE•added 2017/09/12 5:29 p.m.•60 views

CVE-2017-14343

ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.

6.5CVSS6.2AI score0.00406EPSS

CVE•added 2017/10/10 8:29 p.m.•60 views

CVE-2017-15218

ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.

6.5CVSS7AI score0.00467EPSS

CVE•added 2018/02/01 5:29 a.m.•60 views

CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.00416EPSS

CVE•added 2018/01/12 8:29 p.m.•59 views

CVE-2017-18027

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.6AI score0.00615EPSS

CVE•added 2018/01/12 8:29 p.m.•59 views

CVE-2017-18029

In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

6.5CVSS6.6AI score0.00897EPSS

CVE•added 2018/03/06 6:29 p.m.•59 views

CVE-2018-7729

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

5.5CVSS6.1AI score0.00344EPSS

CVE•added 2017/09/12 5:29 p.m.•58 views

CVE-2017-14342

ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.

6.5CVSS6.8AI score0.00266EPSS

CVE•added 2018/01/01 8:29 a.m.•57 views

CVE-2017-18008

In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.

6.5CVSS7.1AI score0.00469EPSS

CVE•added 2018/04/10 6:29 p.m.•56 views

CVE-2018-9918

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.

7.8CVSS7.2AI score0.00107EPSS

CVE•added 2017/10/05 7:29 a.m.•54 views

CVE-2017-15032

ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

9.8CVSS9.1AI score0.00316EPSS

CVE•added 2017/12/27 5:8 p.m.•54 views

CVE-2017-17886

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.

6.5CVSS6.3AI score0.00447EPSS

CVE•added 2018/05/31 4:29 p.m.•54 views

CVE-2018-11625

In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.

8.8CVSS8.1AI score0.00193EPSS

CVE•added 2018/07/01 10:29 p.m.•54 views

CVE-2018-13043

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.

9.8CVSS9.4AI score0.01277EPSS

CVE•added 2018/02/27 10:29 p.m.•54 views

CVE-2018-7548

In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.

9.8CVSS8.4AI score0.00222EPSS

CVE•added 2017/09/18 1:29 a.m.•53 views

CVE-2017-14533

ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.

6.5CVSS7AI score0.00467EPSS

CVE•added 2018/06/01 3:29 p.m.•53 views

CVE-2018-11655

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.

6.5CVSS6.5AI score0.00253EPSS

CVE•added 2018/01/12 9:29 a.m.•53 views

CVE-2018-5358

ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.

6.5CVSS6.9AI score0.00406EPSS

CVE•added 2017/10/10 8:29 p.m.•52 views

CVE-2017-15217

ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.

6.5CVSS7AI score0.00534EPSS

CVE•added 2018/03/06 6:29 p.m.•52 views

CVE-2018-7731

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.

5.5CVSS6AI score0.00478EPSS

CVE•added 2018/03/28 8:29 p.m.•51 views

CVE-2018-8885

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call.

7CVSS6.5AI score0.0004EPSS

CVE•added 2018/02/02 2:29 p.m.•50 views

CVE-2017-14180

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than ...

7.8CVSS7.5AI score0.00052EPSS

CVE•added 2018/02/02 2:29 p.m.•45 views

CVE-2017-14179

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.

7.8CVSS7.5AI score0.00034EPSS

CVE•added 2018/08/06 8:29 p.m.•38 views

CVE-2018-7073

A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

5.5CVSS5.4AI score0.00727EPSS

Total number of security vulnerabilities491