Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-14 | CVE-2019-17539 | In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | Ubuntu_linux, Debian_linux, Ffmpeg | 9.8 | ||
| 2018-06-21 | CVE-2018-3665 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | Ubuntu_linux, Xenserver, Debian_linux, Freebsd, Core_i3, Core_i5, Core_i7, Core_m, Core_m3, Core_m5, Core_m7, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_workstation | 5.6 | ||
| 2018-02-08 | CVE-2018-6789 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. | Ubuntu_linux, Debian_linux, Exim | 9.8 | ||
| 2019-02-18 | CVE-2019-8912 | In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. | Ubuntu_linux, Linux_kernel, Leap, Enterprise_linux | 7.8 | ||
| 2019-02-22 | CVE-2018-20784 | In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | Ubuntu_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_for_real_time | 9.8 | ||
| 2019-02-22 | CVE-2019-9003 | In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. | Ubuntu_linux, Linux_kernel, Cn1610_firmware, Hci_management_node, Snapprotect, Solidfire, Leap | 7.5 | ||
| 2017-05-08 | CVE-2017-8831 | The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. | Ubuntu_linux, Debian_linux, Linux_kernel | 6.4 | ||
| 2018-09-04 | CVE-2018-16435 | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | Ubuntu_linux, Debian_linux, Little_cms_color_engine, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 5.5 | ||
| 2019-11-14 | CVE-2019-18978 | An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | Ubuntu_linux, Debian_linux, Rack\-Cors | 5.3 | ||
| 2021-04-17 | CVE-2021-3492 | Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. | Ubuntu_linux | 7.8 |