Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-10-08 | CVE-2018-1000808 | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This... | Ubuntu_linux, Pyopenssl, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Gluster_storage, Openstack | 5.9 | ||
2018-10-09 | CVE-2018-17963 | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | Ubuntu_linux, Debian_linux, Qemu, Openstack, Virtualization, Virtualization_manager | 9.8 | ||
2017-07-25 | CVE-2017-7980 | Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | Ubuntu_linux, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization | 7.8 | ||
2019-01-03 | CVE-2018-16876 | ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | Ubuntu_linux, Debian_linux, Ansible, Ansible_engine, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Openstack, Package_hub | 5.3 | ||
2019-10-14 | CVE-2019-17544 | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | Ubuntu_linux, Aspell | 9.1 | ||
2019-05-08 | CVE-2019-11815 | An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. | Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cn1610_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Snapprotect, Solidfire, Storage_replication_adapter, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap | 8.1 | ||
2019-09-13 | CVE-2019-15031 | In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. | Ubuntu_linux, Linux_kernel, Leap, Enterprise_linux | 4.4 | ||
2019-09-25 | CVE-2019-13627 | It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | Ubuntu_linux, Libgcrypt20, Leap | 6.3 | ||
2019-10-14 | CVE-2019-17542 | FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | Ubuntu_linux, Debian_linux, Ffmpeg | 9.8 | ||
2020-01-08 | CVE-2019-17020 | If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72. | Ubuntu_linux, Firefox | 6.5 |