Lucene search

K
CanonicalUbuntu Linux

49 matches found

CVE
CVE
added 2018/02/08 11:29 p.m.1318 views

CVE-2018-6789

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

9.8CVSS9.6AI score0.84656EPSS
CVE
CVE
added 2018/02/16 5:29 p.m.589 views

CVE-2017-18190

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS serv...

7.5CVSS7.8AI score0.00242EPSS
CVE
CVE
added 2018/02/13 7:29 p.m.423 views

CVE-2018-6951

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

7.5CVSS7.1AI score0.23094EPSS
CVE
CVE
added 2018/02/28 8:29 p.m.347 views

CVE-2018-1304

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It ...

5.9CVSS6.7AI score0.01855EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.330 views

CVE-2018-1000026

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass...

7.7CVSS7.3AI score0.00865EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.318 views

CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that po...

6.5CVSS6.3AI score0.0878EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.317 views

CVE-2018-1000027

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remo...

7.5CVSS7.5AI score0.1069EPSS
CVE
CVE
added 2018/02/09 11:29 p.m.294 views

CVE-2018-1000024

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server de...

7.5CVSS7.5AI score0.02177EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.261 views

CVE-2018-6927

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

7.8CVSS7AI score0.00084EPSS
CVE
CVE
added 2018/02/08 5:29 p.m.254 views

CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are han...

3.6CVSS6.4AI score0.00952EPSS
CVE
CVE
added 2018/02/16 9:29 p.m.252 views

CVE-2018-1049

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denia...

5.9CVSS5.5AI score0.00764EPSS
CVE
CVE
added 2018/02/04 10:29 p.m.233 views

CVE-2018-6616

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

5.5CVSS5.6AI score0.00075EPSS
CVE
CVE
added 2018/02/09 6:29 a.m.232 views

CVE-2018-6871

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

9.8CVSS9.1AI score0.59797EPSS
CVE
CVE
added 2018/02/09 2:29 p.m.226 views

CVE-2018-1053

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of pg_dumpall -g under umask which was in effect when the user invoked pg_upgrade, and not under 0077 whic...

7CVSS6.5AI score0.00053EPSS
CVE
CVE
added 2018/02/03 3:29 p.m.214 views

CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assu...

7.5CVSS7.2AI score0.00639EPSS
CVE
CVE
added 2018/02/13 8:29 p.m.190 views

CVE-2018-6954

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This...

7.8CVSS7.2AI score0.00054EPSS
CVE
CVE
added 2018/02/26 8:29 p.m.184 views

CVE-2018-7492

A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

5.5CVSS5.7AI score0.0008EPSS
CVE
CVE
added 2018/02/13 5:29 a.m.166 views

CVE-2018-6942

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.

6.5CVSS6.1AI score0.00316EPSS
CVE
CVE
added 2018/02/19 11:29 p.m.161 views

CVE-2018-7253

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.

7.8CVSS6.4AI score0.00879EPSS
CVE
CVE
added 2018/02/06 10:29 p.m.155 views

CVE-2018-6767

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.

7.8CVSS6.8AI score0.00879EPSS
CVE
CVE
added 2018/02/24 6:29 a.m.153 views

CVE-2018-7456

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to pri...

6.5CVSS7.4AI score0.00742EPSS
CVE
CVE
added 2018/02/19 1:29 p.m.150 views

CVE-2018-5379

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

9.8CVSS9.5AI score0.15491EPSS
CVE
CVE
added 2018/02/09 6:29 a.m.144 views

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file...

7.5CVSS8.2AI score0.0027EPSS
CVE
CVE
added 2018/02/19 3:29 p.m.138 views

CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packe...

9.8CVSS8.7AI score0.0375EPSS
CVE
CVE
added 2018/02/25 8:29 p.m.137 views

CVE-2018-7480

The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.

7.8CVSS7.5AI score0.00087EPSS
CVE
CVE
added 2018/02/23 5:29 p.m.125 views

CVE-2018-6764

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

7.8CVSS6.5AI score0.00038EPSS
CVE
CVE
added 2018/02/05 3:29 a.m.114 views

CVE-2018-6188

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.

7.5CVSS7.1AI score0.0074EPSS
CVE
CVE
added 2018/02/27 10:29 p.m.101 views

CVE-2017-18206

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

9.8CVSS7.2AI score0.00415EPSS
CVE
CVE
added 2018/02/09 8:29 p.m.98 views

CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

5.5CVSS5.5AI score0.00092EPSS
CVE
CVE
added 2018/02/27 10:29 p.m.94 views

CVE-2014-10071

In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.

9.8CVSS7.4AI score0.00275EPSS
CVE
CVE
added 2018/02/19 1:29 p.m.92 views

CVE-2018-5381

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAF...

7.5CVSS8.1AI score0.10093EPSS
CVE
CVE
added 2018/02/15 8:29 p.m.92 views

CVE-2018-7052

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.

7.5CVSS8.2AI score0.01142EPSS
CVE
CVE
added 2018/02/15 8:29 p.m.92 views

CVE-2018-7054

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.

9.8CVSS9.4AI score0.01646EPSS
CVE
CVE
added 2018/02/27 10:29 p.m.92 views

CVE-2018-7549

In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.

7.5CVSS7.1AI score0.00276EPSS
CVE
CVE
added 2018/02/15 8:29 p.m.86 views

CVE-2018-7051

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.

7.5CVSS8.2AI score0.00672EPSS
CVE
CVE
added 2018/02/19 1:29 p.m.84 views

CVE-2018-5378

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

7.1CVSS7.2AI score0.03721EPSS
CVE
CVE
added 2018/02/15 8:29 p.m.84 views

CVE-2018-7053

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.

9.8CVSS9.2AI score0.00865EPSS
CVE
CVE
added 2018/02/23 10:29 p.m.84 views

CVE-2018-7443

The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).

6.5CVSS6.2AI score0.01218EPSS
CVE
CVE
added 2018/02/15 8:29 p.m.83 views

CVE-2018-7050

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.

7.5CVSS8.3AI score0.01142EPSS
CVE
CVE
added 2018/02/19 1:29 p.m.78 views

CVE-2018-5380

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

4.3CVSS6.5AI score0.01402EPSS
CVE
CVE
added 2018/02/27 10:29 p.m.74 views

CVE-2016-10714

In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.

9.8CVSS7AI score0.00226EPSS
CVE
CVE
added 2018/02/02 9:29 a.m.67 views

CVE-2018-6540

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.00416EPSS
CVE
CVE
added 2018/02/02 9:29 a.m.65 views

CVE-2018-6541

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.4AI score0.00442EPSS
CVE
CVE
added 2018/02/09 6:29 a.m.61 views

CVE-2018-6869

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.01067EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.60 views

CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an...

7.8CVSS7.6AI score0.00109EPSS
CVE
CVE
added 2018/02/01 5:29 a.m.60 views

CVE-2018-6484

In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

6.5CVSS5.5AI score0.00416EPSS
CVE
CVE
added 2018/02/27 10:29 p.m.54 views

CVE-2018-7548

In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.

9.8CVSS8.4AI score0.00222EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.50 views

CVE-2017-14180

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than ...

7.8CVSS7.5AI score0.00052EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.45 views

CVE-2017-14179

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.

7.8CVSS7.5AI score0.00034EPSS