Lucene search

K
CanonicalUbuntu Linux17.10

491 matches found

CVE
CVE
added 2018/03/02 3:29 p.m.115 views

CVE-2017-15130

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.

5.9CVSS5.8AI score0.0141EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.115 views

CVE-2018-4222

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" co...

8.8CVSS8AI score0.68543EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.115 views

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firef...

8.6CVSS9.2AI score0.02394EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.114 views

CVE-2017-7826

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thu...

10CVSS8.9AI score0.02508EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.114 views

CVE-2018-5127

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

8.8CVSS9.2AI score0.18402EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.114 views

CVE-2018-5144

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

7.5CVSS7.8AI score0.04415EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.114 views

CVE-2018-5145

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

9.8CVSS9.6AI score0.03792EPSS
CVE
CVE
added 2017/12/01 5:29 p.m.113 views

CVE-2017-16611

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

5.5CVSS5.2AI score0.00056EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.113 views

CVE-2018-12369

WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.

9.8CVSS8AI score0.0247EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.113 views

CVE-2018-5187

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox...

9.8CVSS8.9AI score0.03757EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.112 views

CVE-2018-5185

Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

6.5CVSS7.3AI score0.0034EPSS
CVE
CVE
added 2018/02/05 3:29 a.m.112 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.

7.5CVSS7.1AI score0.0074EPSS
CVE
CVE
added 2018/01/31 8:29 p.m.111 views

CVE-2017-18043

Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

5.5CVSS6.9AI score0.00037EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.111 views

CVE-2017-7810

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thu...

10CVSS8.9AI score0.02513EPSS
CVE
CVE
added 2018/04/24 6:29 p.m.111 views

CVE-2018-1059

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions be...

6.1CVSS5.8AI score0.00256EPSS
CVE
CVE
added 2018/04/23 8:29 p.m.111 views

CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

5.5CVSS5.2AI score0.0003EPSS
CVE
CVE
added 2018/05/29 7:29 a.m.111 views

CVE-2018-11531

Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

9.8CVSS7AI score0.00255EPSS
CVE
CVE
added 2018/06/01 3:29 p.m.109 views

CVE-2018-11656

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.

6.5CVSS6.9AI score0.00187EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.109 views

CVE-2018-5157

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8...

7.5CVSS6.1AI score0.00606EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.109 views

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

7.5CVSS7.2AI score0.00789EPSS
CVE
CVE
added 2016/08/02 2:59 p.m.108 views

CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

7.8CVSS7.7AI score0.00451EPSS
CVE
CVE
added 2018/07/27 4:29 p.m.107 views

CVE-2017-15119

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from s...

8.6CVSS8.6AI score0.01766EPSS
CVE
CVE
added 2017/11/17 8:29 p.m.107 views

CVE-2017-16845

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

10CVSS9.2AI score0.02074EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.107 views

CVE-2018-4232

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

4.3CVSS5.2AI score0.01891EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.107 views

CVE-2018-5170

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

4.3CVSS6.1AI score0.0117EPSS
CVE
CVE
added 2018/05/10 2:29 p.m.106 views

CVE-2017-18266

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment ...

8.8CVSS8.2AI score0.01377EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.106 views

CVE-2018-5130

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

8.8CVSS8.5AI score0.01193EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.106 views

CVE-2018-5131

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS6.3AI score0.01451EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.105 views

CVE-2018-2846

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. ...

4.9CVSS5AI score0.0038EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.105 views

CVE-2018-4127

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...

8.8CVSS8.7AI score0.00579EPSS
CVE
CVE
added 2018/05/10 2:29 a.m.104 views

CVE-2018-10958

In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.

6.5CVSS6.4AI score0.01419EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.104 views

CVE-2018-4199

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS8.7AI score0.03352EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.104 views

CVE-2018-5180

A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60...

7.5CVSS6.5AI score0.03059EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.104 views

CVE-2018-5801

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

6.5CVSS7AI score0.01363EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.102 views

CVE-2018-12370

In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.

8.8CVSS7.9AI score0.00392EPSS
CVE
CVE
added 2018/02/27 10:29 p.m.101 views

CVE-2017-18206

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

9.8CVSS7.2AI score0.00415EPSS
CVE
CVE
added 2018/05/28 1:29 p.m.101 views

CVE-2018-11508

The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.

5.5CVSS4.9AI score0.01537EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.101 views

CVE-2018-5151

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.

10CVSS7.6AI score0.04615EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.101 views

CVE-2018-5173

The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, cor...

5.3CVSS6.2AI score0.00927EPSS
CVE
CVE
added 2017/12/11 2:29 a.m.100 views

CVE-2017-17499

ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.

9.8CVSS9.2AI score0.02031EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.100 views

CVE-2018-5162

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

7.5CVSS7.3AI score0.00699EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.99 views

CVE-2017-13885

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.00385EPSS
CVE
CVE
added 2018/05/12 4:29 a.m.99 views

CVE-2018-10998

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.

6.5CVSS6.2AI score0.01214EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.99 views

CVE-2018-2777

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS5AI score0.0009EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.99 views

CVE-2018-2786

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

5.5CVSS5.4AI score0.00074EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.99 views

CVE-2018-5800

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

6.5CVSS7.2AI score0.02261EPSS
CVE
CVE
added 2018/10/18 1:29 p.m.98 views

CVE-2018-12358

Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.

4.3CVSS5.1AI score0.00399EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.98 views

CVE-2018-4161

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...

8.8CVSS8.6AI score0.00759EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.98 views

CVE-2018-4190

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS6.9AI score0.01516EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.98 views

CVE-2018-4218

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" co...

8.8CVSS8.7AI score0.53585EPSS
Total number of security vulnerabilities491