Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2005-05-13 | CVE-2005-0758 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | Ubuntu_linux, Gzip | N/A | ||
2018-11-29 | CVE-2018-8785 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. | Ubuntu_linux, Freerdp | 9.8 | ||
2018-11-29 | CVE-2018-8784 | FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. | Ubuntu_linux, Freerdp | 9.8 | ||
2018-10-26 | CVE-2018-6559 | The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace. | Ubuntu_linux, Linux_kernel | 3.3 | ||
2018-09-04 | CVE-2018-6555 | The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | Ubuntu_linux, Debian_linux, Linux_kernel | 7.8 | ||
2018-09-04 | CVE-2018-6554 | Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. | Ubuntu_linux, Debian_linux, Linux_kernel | 5.5 | ||
2018-02-19 | CVE-2018-5381 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. | Ubuntu_linux, Debian_linux, Quagga, Ruggedcom_rox_ii_firmware | 7.5 | ||
2018-02-19 | CVE-2018-5380 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | Ubuntu_linux, Debian_linux, Quagga, Ruggedcom_rox_ii_firmware | 4.3 | ||
2018-02-19 | CVE-2018-5379 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. | Ubuntu_linux, Debian_linux, Quagga, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Ruggedcom_rox_ii_firmware | 9.8 | ||
2018-02-19 | CVE-2018-5378 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. | Ubuntu_linux, Debian_linux, Quagga | 5.9 |