#Vulnerabilities 2948
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-12-29 | CVE-2008-4539 | Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. | Ubuntu_linux, Debian_linux, Kvm, Qemu | N/A | | |
| 2018-05-30 | CVE-2018-10196 | NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. | Ubuntu_linux, Fedora, Graphviz | 5.5 | | |
| 2018-10-23 | CVE-2018-18584 | In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. | Cabextract, Ubuntu_linux, Debian_linux, Libmspack, Enterprise_linux, Linux_enterprise_server | 6.5 | | |
| 2018-10-31 | CVE-2016-6328 | A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). | Ubuntu_linux, Debian_linux, Libexif | 8.1 | | |
| 2016-06-30 | CVE-2016-4971 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | Ubuntu_linux, Wget, Solaris, Pan-Os | 8.8 | | |
| 2020-05-19 | CVE-2020-10724 | A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. | Ubuntu_linux, Data_plane_development_kit, Fedora | 4.4 | | |
| 2020-09-30 | CVE-2020-14375 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe, are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Ubuntu_linux, Data_plane_development_kit, Leap | 7.8 | | |
| 2020-02-24 | CVE-2020-1935 | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | Tomcat, Ubuntu_linux, Debian_linux, Data_availability_services, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_product_lifecycle_management, Communications_element_manager, Communications_instant_messaging_server, Health_sciences_empirica_inspections, Health_sciences_empirica_signal, Hospitality_guest_access, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql_enterprise_monitor, Retail_order_broker, Siebel_ui_framework, Transportation_management, Workload_manager | 4.8 | | |