Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-10-18 | CVE-2018-12367 | In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird | 4.3 | ||
| 2018-10-18 | CVE-2018-12361 | An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2018-10-18 | CVE-2018-12359 | A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.8 | ||
| 2018-10-18 | CVE-2018-12358 | Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61. | Ubuntu_linux, Firefox | 4.3 | ||
| 2018-06-01 | CVE-2018-11656 | In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. | Ubuntu_linux, Imagemagick | 6.5 | ||
| 2018-06-01 | CVE-2018-11655 | In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. | Ubuntu_linux, Imagemagick | 6.5 | ||
| 2018-05-31 | CVE-2018-11625 | In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | Ubuntu_linux, Imagemagick | 8.8 | ||
| 2018-05-30 | CVE-2018-11577 | Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. | Ubuntu_linux, Liblouis, Leap | 8.8 | ||
| 2018-05-28 | CVE-2018-11508 | The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | Ubuntu_linux, Linux_kernel | 5.5 | ||
| 2018-05-24 | CVE-2018-11412 | In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. | Ubuntu_linux, Linux_kernel | 5.9 |