Product: Ubuntu_linux (Canonical)

Repositories:
https://github.com/torvalds/linux
https://github.com/LibRaw/LibRaw
https://github.com/neomutt/neomutt
https://github.com/ImageMagick/ImageMagick
https://github.com/xkbcommon/libxkbcommon
https://github.com/FreeRDP/FreeRDP
https://github.com/kyz/libmspack
https://github.com/gpac/gpac
https://github.com/curl/curl
https://github.com/file/file
https://github.com/dbry/WavPack
https://github.com/audreyt/module-signature
https://github.com/LibVNC/libvncserver
https://github.com/rubygems/rubygems
https://github.com/Perl/perl5
https://github.com/libarchive/libarchive
https://github.com/tats/w3m
https://github.com/openvswitch/ovs
https://github.com/ntp-project/ntp
https://github.com/apache/httpd
https://github.com/newsoft/libvncserver
https://github.com/memcached/memcached
https://github.com/WebKit/webkit
https://github.com/libgd/libgd
https://github.com/dosfstools/dosfstools
https://github.com/lxc/lxcfs
https://github.com/bagder/curl
https://github.com/vrtadmin/clamav-devel
https://github.com/openssh/openssh-portable
https://github.com/dovecot/core
https://git.kernel.org/pub/scm/git/git.git
https://github.com/openstack/nova-lxd
https://github.com/apple/cups
https://github.com/beanshell/beanshell
https://github.com/php/php-src
https://github.com/derickr/timelib
https://github.com/glennrp/libpng
https://github.com/openbsd/src
https://git.savannah.gnu.org/git/patch.git
https://github.com/requests/requests
https://github.com/puppetlabs/puppet
https://github.com/lxc/lxc
https://github.com/flori/json
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/simsong/tcpflow
https://github.com/qpdf/qpdf
https://github.com/lxml/lxml
https://github.com/git/git
https://github.com/TeX-Live/texlive-source
https://github.com/liblouis/liblouis
https://github.com/ImageMagick/ImageMagick6
https://github.com/mm2/Little-CMS
https://github.com/GNOME/pango
https://github.com/lavv17/lftp
https://github.com/Cisco-Talos/clamav-devel
https://github.com/moinwiki/moin-1.9
https://github.com/pyca/cryptography
https://github.com/libimobiledevice/libimobiledevice
https://github.com/jpirko/libndp
https://github.com/mysql/mysql-server
https://github.com/wikimedia/mediawiki
https://github.com/kohler/t1utils
https://github.com/kennethreitz/requests
https://github.com/khaledhosny/ots
https://github.com/jmacd/xdelta-devel
https://github.com/quassel/quassel
https://github.com/hexchat/hexchat
https://github.com/mongodb/mongo-python-driver
https://github.com/openstack/glance
https://github.com/openstack/nova
#Vulnerabilities 2218
| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2018-10-19 | CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.6 | |
| 2018-09-05 | CVE-2018-16513 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure | 7.8 | |
| 2018-08-28 | CVE-2018-15911 | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | |
| 2018-08-27 | CVE-2018-15910 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | Ghostscript, Gpl_ghostscript, Ubuntu_linux, Debian_linux, Pulse_connect_secure, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation | 7.8 | |
| 2018-12-20 | CVE-2018-1000878 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable via a victim opening a specially crafted RAR archive. | Ubuntu_linux, Debian_linux, Fedora, Libarchive, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2018-12-20 | CVE-2018-1000877 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appears to be exploitable via a victim opening a specially crafted RAR archive. | Ubuntu_linux, Debian_linux, Fedora, Libarchive, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | |
| 2019-11-04 | CVE-2017-5331 | Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | Ubuntu_linux, Debian_linux, Icoutils, Leap, Opensuse | N/A | |
| 2019-01-11 | CVE-2019-6128 | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | Ubuntu_linux, Libtiff, Leap | 8.8 | |
| 2019-10-31 | CVE-2019-13508 | FreeTDS through 1.1.11 has a Buffer Overflow. | Ubuntu_linux, Freetds | N/A | |
| 2019-08-09 | CVE-2019-11042 | When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash. | Mac_os_x, Ubuntu_linux, Debian_linux, Leap, Php | N/A | |