Ubuntu_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ubuntu_linux
(Canonical)

Repositories

• https://github.com/torvalds/linux
• https://github.com/ImageMagick/ImageMagick
• https://github.com/LibRaw/LibRaw
• https://github.com/neomutt/neomutt
• https://github.com/xkbcommon/libxkbcommon

• https://github.com/file/file
• https://github.com/FreeRDP/FreeRDP
• https://github.com/kyz/libmspack
• https://github.com/gpac/gpac
• https://github.com/curl/curl
• https://github.com/krb5/krb5
• https://github.com/apache/httpd
• https://github.com/madler/zlib
• https://github.com/dbry/WavPack
• https://github.com/audreyt/module-signature
• https://github.com/tats/w3m
• https://github.com/libarchive/libarchive
• https://github.com/Perl/perl5
• https://github.com/libgd/libgd
• https://github.com/ntp-project/ntp
• https://github.com/LibVNC/libvncserver
• https://github.com/openvswitch/ovs
• https://github.com/newsoft/libvncserver
• https://github.com/rubygems/rubygems
• https://github.com/mm2/Little-CMS
• https://github.com/memcached/memcached
• https://github.com/erikd/libsndfile
• https://github.com/dosfstools/dosfstools
• https://github.com/php/php-src
• https://github.com/WebKit/webkit
• https://github.com/lxc/lxcfs
• https://github.com/bagder/curl
• https://github.com/vrtadmin/clamav-devel
• https://github.com/bcgit/bc-java
• git://git.openssl.org/openssl.git
• https://github.com/mdadams/jasper
• https://github.com/pyca/cryptography
• https://github.com/opencontainers/runc
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/openbsd/src
• https://github.com/openssh/openssh-portable
• https://github.com/openstack/glance
• https://github.com/mongodb/mongo-python-driver
• https://github.com/jpirko/libndp
• https://github.com/FFmpeg/FFmpeg
• https://github.com/requests/requests
• https://github.com/glennrp/libpng
• https://github.com/vim/vim
• https://github.com/rdoc/rdoc
• https://github.com/ansible/ansible
• https://github.com/hexchat/hexchat
• https://github.com/GNOME/pango
• https://github.com/stoth68000/media-tree
• https://github.com/ImageMagick/ImageMagick6
• https://github.com/kennethreitz/requests
• https://github.com/lxml/lxml
• https://github.com/beanshell/beanshell
• https://github.com/git/git
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/mysql/mysql-server
• https://github.com/dovecot/core
• https://github.com/openstack/nova-lxd
• https://github.com/apple/cups
• https://github.com/derickr/timelib
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/puppetlabs/puppet
• https://github.com/lxc/lxc
• https://github.com/flori/json
• https://github.com/qpdf/qpdf
• https://github.com/TeX-Live/texlive-source
• https://github.com/liblouis/liblouis
• https://github.com/lavv17/lftp
• https://github.com/Cisco-Talos/clamav-devel
• https://github.com/moinwiki/moin-1.9
• https://github.com/libimobiledevice/libimobiledevice
• https://github.com/wikimedia/mediawiki
• https://github.com/kohler/t1utils
• https://github.com/khaledhosny/ots
• https://github.com/jmacd/xdelta-devel
• https://github.com/quassel/quassel
• https://github.com/openstack/nova

#Vulnerabilities

4109

Date	Id	Summary	Products	Score	Patch	Annotated
2018-07-30	CVE-2018-10883	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.	Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.5
2018-08-22	CVE-2018-10844	It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.	Ubuntu_linux, Debian_linux, Fedora, Gnutls, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.9
2018-08-21	CVE-2018-10902	It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.	Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	7.8
2018-08-22	CVE-2018-10845	It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.	Ubuntu_linux, Debian_linux, Fedora, Gnutls, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.9
2018-08-22	CVE-2018-10846	A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.	Ubuntu_linux, Debian_linux, Fedora, Gnutls, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.6
2018-09-10	CVE-2018-14625	A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.	Ubuntu_linux, Debian_linux, Linux_kernel	7.0
2018-09-10	CVE-2016-7056	A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.	Ubuntu_linux, Debian_linux, Openssl, Enterprise_linux	5.5
2018-09-25	CVE-2018-14634	An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.	Ubuntu_linux, Linux_kernel, Active_iq_performance_analytics_services, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	7.8
2018-10-16	CVE-2018-10839	Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.	Ubuntu_linux, Debian_linux, Qemu	6.5
2018-10-31	CVE-2016-6328	A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).	Ubuntu_linux, Debian_linux, Libexif	8.1