CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Canonical » Ubuntu Linux » 16.04 ~~lts~~~ : Security Vulnerabilities

Cpe Name:cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000301 119 DoS Overflow 2018-05-24 2018-07-18
6.4
None Remote Low Not required Partial None Partial
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
2 CVE-2018-1000300 119 DoS Overflow 2018-05-24 2018-07-18
7.5
None Remote Low Not required Partial Partial Partial
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
3 CVE-2018-1000199 388 Exec Code Mem. Corr. 2018-05-24 2018-06-27
4.9
None Local Low Not required None None Complete
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
4 CVE-2018-1000156 20 Exec Code 2018-04-06 2018-06-28
6.8
None Remote Medium Not required Partial Partial Partial
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
5 CVE-2018-1000127 190 Overflow 2018-03-13 2018-07-31
5.0
None Remote Low Not required None None Partial
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.
6 CVE-2018-1000122 119 DoS Overflow +Info 2018-03-14 2018-07-18
6.4
None Remote Low Not required Partial None Partial
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
7 CVE-2018-1000121 476 DoS 2018-03-14 2018-07-18
5.0
None Remote Low Not required None None Partial
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
8 CVE-2018-1000120 787 DoS Overflow 2018-03-14 2018-07-18
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
9 CVE-2018-1000115 20 DoS 2018-03-05 2018-06-07
5.0
None Remote Low Not required None None Partial
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
10 CVE-2018-1000097 119 Exec Code Overflow 2018-03-12 2018-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
11 CVE-2018-12600 787 2018-06-20 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
12 CVE-2018-12599 787 2018-06-20 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
13 CVE-2018-12293 190 Overflow 2018-06-19 2018-08-13
6.8
None Remote Medium Not required Partial Partial Partial
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
14 CVE-2018-12265 125 Overflow 2018-06-13 2018-08-02
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
15 CVE-2018-12264 125 Overflow 2018-06-13 2018-08-02
6.8
None Remote Medium Not required Partial Partial Partial
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
16 CVE-2018-12020 19 2018-06-08 2018-08-01
5.0
None Remote Low Not required None Partial None
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
17 CVE-2018-12015 22 Dir. Trav. Bypass 2018-06-07 2018-08-06
6.4
None Remote Low Not required None Partial Partial
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
18 CVE-2018-11685 119 Overflow 2018-06-04 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
19 CVE-2018-11684 119 Overflow 2018-06-04 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
20 CVE-2018-11683 119 Overflow 2018-06-04 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
21 CVE-2018-11656 399 DoS 2018-06-01 2018-06-27
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
22 CVE-2018-11655 399 DoS 2018-06-01 2018-06-27
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
23 CVE-2018-11577 19 2018-05-30 2018-07-13
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
24 CVE-2018-11440 119 Overflow 2018-05-25 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
25 CVE-2018-11410 416 DoS 2018-05-24 2018-06-26
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
26 CVE-2018-11235 254 Exec Code Dir. Trav. Bypass 2018-05-30 2018-07-11
6.8
None Remote Medium Not required Partial Partial Partial
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
27 CVE-2018-11233 125 2018-05-30 2018-07-11
5.0
None Remote Low Not required Partial None None
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
28 CVE-2018-10768 476 DoS 2018-05-06 2018-06-12
5.0
None Remote Low Not required None None Partial
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
29 CVE-2018-10549 125 2018-04-29 2018-07-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.
30 CVE-2018-10548 476 DoS 2018-04-29 2018-07-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.
31 CVE-2018-10547 79 XSS 2018-04-29 2018-07-06
4.3
None Remote Medium Not required None Partial None
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.
32 CVE-2018-10546 400 2018-04-29 2018-07-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
33 CVE-2018-10545 200 Bypass +Info 2018-04-29 2018-07-06
1.9
None Local Medium Not required Partial None None
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.
34 CVE-2018-10529 125 2018-04-28 2018-06-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
35 CVE-2018-10528 125 Overflow 2018-04-28 2018-06-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
36 CVE-2018-10194 119 DoS Overflow 2018-04-18 2018-05-23
6.8
None Remote Medium Not required Partial Partial Partial
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
37 CVE-2018-9918 399 DoS 2018-04-10 2018-05-23
6.8
None Remote Medium Not required Partial Partial Partial
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
38 CVE-2018-8960 119 Overflow 2018-03-23 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
39 CVE-2018-8897 264 2018-05-08 2018-07-27
7.2
None Local Low Not required Complete Complete Complete
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
40 CVE-2018-8885 362 Bypass 2018-03-28 2018-04-27
4.4
None Local Medium Not required Partial Partial Partial
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call.
41 CVE-2018-8781 190 Exec Code Overflow 2018-04-23 2018-08-03
7.2
None Local Low Not required Complete Complete Complete
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
42 CVE-2018-8780 22 Dir. Trav. 2018-04-03 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
43 CVE-2018-8779 20 2018-04-03 2018-08-02
5.0
None Remote Low Not required None Partial None
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
44 CVE-2018-8778 200 +Info 2018-04-03 2018-08-02
5.0
None Remote Low Not required Partial None None
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
45 CVE-2018-8043 476 DoS 2018-03-10 2018-05-09
2.1
None Local Low Not required None None Partial
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
46 CVE-2018-8014 254 2018-05-16 2018-06-28
7.5
None Remote Low Not required Partial Partial Partial
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
47 CVE-2018-7537 185 2018-03-09 2018-04-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
48 CVE-2018-7536 185 2018-03-09 2018-04-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
49 CVE-2018-6914 22 Dir. Trav. 2018-04-03 2018-08-02
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.
50 CVE-2018-6913 119 Exec Code Overflow 2018-04-17 2018-05-22
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Total number of vulnerabilities : 428   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.