Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-21 | CVE-2019-16680 | An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | Ubuntu_linux, Debian_linux, File\-Roller, Enterprise_linux | N/A | ||
| 2018-02-19 | CVE-2018-7253 | The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. | Ubuntu_linux, Debian_linux, Wavpack | 7.8 | ||
| 2018-02-06 | CVE-2018-6767 | A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. | Ubuntu_linux, Debian_linux, Wavpack | 7.8 | ||
| 2016-10-03 | CVE-2016-6352 | The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | Ubuntu_linux, Gdk\-Pixbuf, Leap, Opensuse | 7.5 | ||
| 2015-11-06 | CVE-2015-7697 | Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. | Ubuntu_linux, Debian_linux, Unzip | N/A | ||
| 2015-11-06 | CVE-2015-7696 | Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. | Ubuntu_linux, Debian_linux, Unzip | N/A | ||
| 2015-02-06 | CVE-2014-9636 | unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. | Ubuntu_linux, Debian_linux, Fedora, Unzip | N/A | ||
| 2008-09-18 | CVE-2008-4098 | MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | Ubuntu_linux, Debian_linux, Mysql, Mysql | N/A | ||
| 2008-05-05 | CVE-2008-2079 | MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | Ubuntu_linux, Debian_linux, Mysql, Mysql | N/A | ||
| 2008-01-10 | CVE-2008-0226 | Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. | Mac_os_x, Ubuntu_linux, Debian_linux, Mysql, Mysql, Yassl | N/A |