Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-06-30 | CVE-2020-5973 | NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). | Ubuntu_linux, Virtual_gpu | 4.4 | ||
2020-07-15 | CVE-2019-20908 | An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. | Ubuntu_linux, Linux_kernel, Leap | 6.7 | ||
2016-04-21 | CVE-2013-7449 | The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | Ubuntu_linux, Hexchat, Xchat, Xchat_gnome | 6.5 | ||
2018-03-08 | CVE-2018-7183 | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. | Ubuntu_linux, Freebsd, Element_software, Ntp | 9.8 | ||
2012-06-16 | CVE-2011-3193 | Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | Ubuntu_linux, Pango, Opensuse, Qt, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2018-08-24 | CVE-2018-15120 | libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | Ubuntu_linux, Pango | 6.5 | ||
2019-11-18 | CVE-2019-19069 | A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. | Fabric_operating_system, Ubuntu_linux, Linux_kernel, Active_iq_unified_manager, Aff_a400_firmware, Aff_a700s_firmware, Data_availability_services, E\-Series_santricity_os_controller, Fas8300_firmware, Fas8700_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Solidfire, Steelstore_cloud_integrated_storage | 7.5 | ||
2014-05-08 | CVE-2014-0190 | The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. | Ubuntu_linux, Fedora, Opensuse, Qt | N/A | ||
2021-06-12 | CVE-2021-32553 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. | Ubuntu_linux, Openjdk | 5.5 | ||
2021-06-12 | CVE-2021-32554 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. | Ubuntu_linux | 5.5 |