Lucene search

K
CanonicalUbuntu Linux18.10

425 matches found

CVE
CVE
added 2018/10/09 10:29 p.m.127 views

CVE-2018-17958

Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.

7.5CVSS8.4AI score0.02654EPSS
CVE
CVE
added 2018/11/29 6:29 p.m.126 views

CVE-2018-8785

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.

9.8CVSS9.7AI score0.14661EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.126 views

CVE-2019-3832

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.

5.5CVSS5.9AI score0.00848EPSS
CVE
CVE
added 2018/06/21 6:29 p.m.125 views

CVE-2018-12617

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a cra...

7.5CVSS7.5AI score0.45671EPSS
CVE
CVE
added 2019/03/30 2:29 p.m.125 views

CVE-2019-10649

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.

5.5CVSS5.1AI score0.00384EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.124 views

CVE-2018-12395

By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

7.5CVSS7AI score0.01888EPSS
CVE
CVE
added 2018/04/19 2:29 a.m.124 views

CVE-2018-2810

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS5AI score0.0009EPSS
CVE
CVE
added 2018/11/26 2:29 a.m.123 views

CVE-2018-19535

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.

6.5CVSS6.2AI score0.00365EPSS
CVE
CVE
added 2019/02/06 7:29 p.m.123 views

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

9.8CVSS9.3AI score0.07932EPSS
CVE
CVE
added 2019/04/09 4:29 p.m.123 views

CVE-2019-3887

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash...

6.7CVSS6AI score0.00011EPSS
CVE
CVE
added 2019/04/01 7:29 p.m.122 views

CVE-2019-8956

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

7.8CVSS7.4AI score0.01164EPSS
CVE
CVE
added 2019/03/21 4:0 p.m.120 views

CVE-2018-18849

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

5.5CVSS7.1AI score0.00047EPSS
CVE
CVE
added 2018/11/23 8:29 a.m.120 views

CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.

9.8CVSS9.2AI score0.00311EPSS
CVE
CVE
added 2019/03/26 6:29 p.m.120 views

CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS7.7AI score0.03208EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.119 views

CVE-2018-12406

Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64.

8.8CVSS8AI score0.00379EPSS
CVE
CVE
added 2018/11/07 4:29 p.m.119 views

CVE-2018-19058

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

6.5CVSS6.2AI score0.00273EPSS
CVE
CVE
added 2018/11/08 8:29 a.m.117 views

CVE-2018-19107

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.

6.5CVSS6.4AI score0.00308EPSS
CVE
CVE
added 2019/02/06 7:29 p.m.117 views

CVE-2019-3463

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

9.8CVSS9.2AI score0.08711EPSS
CVE
CVE
added 2020/06/17 4:15 p.m.116 views

CVE-2020-14403

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.

5.5CVSS6.1AI score0.0085EPSS
CVE
CVE
added 2020/06/17 4:15 p.m.116 views

CVE-2020-14404

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

5.5CVSS6.1AI score0.01019EPSS
CVE
CVE
added 2018/08/21 4:29 p.m.115 views

CVE-2018-6557

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were...

7CVSS7AI score0.00114EPSS
CVE
CVE
added 2018/10/09 10:29 p.m.111 views

CVE-2018-17963

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

9.8CVSS9.7AI score0.0481EPSS
CVE
CVE
added 2019/03/21 6:29 p.m.108 views

CVE-2019-9903

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

6.5CVSS6.3AI score0.00445EPSS
CVE
CVE
added 2019/02/18 5:29 p.m.106 views

CVE-2019-8904

do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.

8.8CVSS6.1AI score0.0051EPSS
CVE
CVE
added 2019/04/22 4:29 p.m.105 views

CVE-2019-11454

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

6.1CVSS6.3AI score0.01535EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.102 views

CVE-2018-12403

If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.

5.3CVSS6.1AI score0.01508EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.101 views

CVE-2018-12399

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63.

4.3CVSS5.5AI score0.0057EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.99 views

CVE-2018-12407

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.

9.8CVSS7.3AI score0.05316EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.98 views

CVE-2018-12398

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63.

6.5CVSS7AI score0.00431EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.98 views

CVE-2018-12402

The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources ...

6.5CVSS7.1AI score0.0012EPSS
CVE
CVE
added 2018/11/07 4:29 p.m.97 views

CVE-2018-19059

An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

6.5CVSS6.3AI score0.00131EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.96 views

CVE-2018-12388

Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63.

8.8CVSS9.4AI score0.00457EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.96 views

CVE-2018-12401

Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63.

7.5CVSS7.4AI score0.0255EPSS
CVE
CVE
added 2018/11/10 7:29 p.m.96 views

CVE-2018-19149

Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

6.5CVSS6.4AI score0.002EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.95 views

CVE-2018-18503

When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.

8.8CVSS5.2AI score0.02345EPSS
CVE
CVE
added 2019/08/29 3:15 p.m.95 views

CVE-2019-11476

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.

7.8CVSS7.1AI score0.00104EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.94 views

CVE-2018-18495

WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. T...

6.5CVSS6.8AI score0.00725EPSS
CVE
CVE
added 2019/04/22 4:29 p.m.94 views

CVE-2019-11455

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

8.1CVSS7.5AI score0.02266EPSS
CVE
CVE
added 2019/02/28 6:29 p.m.92 views

CVE-2018-18497

Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vuln...

6.5CVSS6.6AI score0.00986EPSS
CVE
CVE
added 2018/11/07 4:29 p.m.92 views

CVE-2018-19060

An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

6.5CVSS6.3AI score0.0015EPSS
CVE
CVE
added 2019/03/27 1:29 p.m.91 views

CVE-2019-3877

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.6AI score0.00708EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.90 views

CVE-2018-18502

Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.

10CVSS6.4AI score0.05242EPSS
CVE
CVE
added 2019/02/05 9:29 p.m.90 views

CVE-2018-18504

A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65.

9.8CVSS5.3AI score0.03653EPSS
CVE
CVE
added 2018/10/26 2:29 p.m.88 views

CVE-2018-15687

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

7.8CVSS7.6AI score0.00352EPSS
CVE
CVE
added 2019/03/25 12:29 a.m.86 views

CVE-2019-10018

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

5.5CVSS5.8AI score0.00486EPSS
CVE
CVE
added 2017/07/24 1:29 a.m.84 views

CVE-2017-11591

There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

7.5CVSS7.2AI score0.00491EPSS
CVE
CVE
added 2018/11/02 10:29 p.m.84 views

CVE-2018-16847

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU pr...

7.8CVSS8.4AI score0.00109EPSS
CVE
CVE
added 2018/10/26 2:29 p.m.83 views

CVE-2018-18661

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

6.5CVSS7.1AI score0.00263EPSS
CVE
CVE
added 2018/12/20 11:29 p.m.79 views

CVE-2018-20191

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

7.5CVSS6.9AI score0.01625EPSS
CVE
CVE
added 2017/07/27 6:29 a.m.78 views

CVE-2017-11683

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

6.5CVSS6.5AI score0.00408EPSS
Total number of security vulnerabilities425