CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Canonical » Ubuntu Linux » 18.04 ~~lts~~~ : Security Vulnerabilities

Cpe Name:cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-2767 94 Exec Code 2018-08-26 2019-09-24
10.0
None Remote Low Not required Complete Complete Complete
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
2 CVE-2016-3616 476 DoS Exec Code 2017-02-13 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
3 CVE-2016-5824 416 DoS 2017-01-27 2019-04-02
4.3
None Remote Medium Not required None None Partial
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
4 CVE-2017-5934 79 XSS 2018-10-15 2018-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5 CVE-2017-6519 346 DoS +Info 2017-04-30 2019-10-02
6.4
None Remote Low Not required Partial None Partial
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
6 CVE-2017-7810 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
7 CVE-2017-7826 119 Overflow Mem. Corr. 2018-06-11 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
8 CVE-2017-11591 DoS 2017-07-23 2019-10-02
5.0
None Remote Low Not required None None Partial
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
9 CVE-2017-11683 617 DoS 2017-07-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
10 CVE-2017-12691 770 DoS 2017-09-01 2019-10-02
7.1
None Remote Medium Not required None None Complete
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
11 CVE-2017-12692 770 DoS 2017-09-01 2019-10-02
7.1
None Remote Medium Not required None None Complete
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
12 CVE-2017-12693 770 DoS 2017-09-01 2019-10-02
7.1
None Remote Medium Not required None None Complete
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
13 CVE-2017-13168 732 2017-12-06 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
14 CVE-2017-14060 476 DoS 2017-08-31 2019-05-14
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
15 CVE-2017-14177 400 DoS +Priv 2018-02-02 2018-02-15
7.2
None Local Low Not required Complete Complete Complete
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
16 CVE-2017-14179 400 DoS +Priv 2018-02-02 2018-02-15
7.2
None Local Low Not required Complete Complete Complete
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
17 CVE-2017-14180 400 DoS +Priv 2018-02-02 2018-02-15
7.2
None Local Low Not required Complete Complete Complete
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
18 CVE-2017-14325 772 DoS 2017-09-12 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
19 CVE-2017-14326 772 DoS 2017-09-12 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
20 CVE-2017-14341 400 2017-09-12 2019-05-14
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
21 CVE-2017-14342 400 2017-09-12 2019-04-17
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
22 CVE-2017-14343 772 2017-09-12 2019-10-02
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
23 CVE-2017-14531 770 2017-09-17 2019-10-02
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
24 CVE-2017-14532 476 2017-09-17 2019-05-14
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
25 CVE-2017-14533 772 2017-09-17 2019-10-02
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
26 CVE-2017-14607 125 2017-09-20 2019-04-17
5.8
None Remote Medium Not required Partial None Partial
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
27 CVE-2017-14624 476 2017-09-21 2019-05-14
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
28 CVE-2017-14625 476 2017-09-21 2019-05-14
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
29 CVE-2017-14626 476 2017-09-21 2019-05-14
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
30 CVE-2017-15015 476 2017-10-04 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
31 CVE-2017-15016 476 2017-10-04 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
32 CVE-2017-15017 476 2017-10-04 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
33 CVE-2017-15032 772 2017-10-05 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
34 CVE-2017-15033 772 2017-10-05 2019-10-02
5.0
None Remote Low Not required None None Partial
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
35 CVE-2017-15105 20 2018-01-23 2019-10-09
5.0
None Remote Low Not required None Partial None
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
36 CVE-2017-15217 772 2017-10-10 2019-10-02
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
37 CVE-2017-15218 772 2017-10-10 2019-10-02
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
38 CVE-2017-15281 119 DoS Overflow 2017-10-12 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
39 CVE-2017-15705 20 DoS 2018-09-17 2018-12-16
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.
40 CVE-2017-15710 787 DoS 2018-03-26 2019-08-15
5.0
None Remote Low Not required None None Partial
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
41 CVE-2017-15715 20 2018-03-26 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
42 CVE-2017-16546 119 DoS Overflow 2017-11-05 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
43 CVE-2017-17499 416 2017-12-10 2019-04-16
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
44 CVE-2017-17504 125 2017-12-10 2019-10-02
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
45 CVE-2017-17669 125 DoS 2017-12-13 2019-10-02
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
46 CVE-2017-17680 772 DoS 2017-12-14 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
47 CVE-2017-17681 835 DoS 2017-12-14 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
48 CVE-2017-17682 400 DoS 2017-12-14 2019-05-14
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
49 CVE-2017-17879 125 2017-12-27 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
50 CVE-2017-17881 772 DoS 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
Total number of vulnerabilities : 686   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.