Ubuntu_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ubuntu_linux
(Canonical)

Repositories

• https://github.com/torvalds/linux
• https://github.com/ImageMagick/ImageMagick
• https://github.com/LibRaw/LibRaw
• https://github.com/neomutt/neomutt
• https://github.com/xkbcommon/libxkbcommon

• https://github.com/file/file
• https://github.com/FreeRDP/FreeRDP
• https://github.com/kyz/libmspack
• https://github.com/gpac/gpac
• https://github.com/curl/curl
• https://github.com/krb5/krb5
• https://github.com/apache/httpd
• https://github.com/madler/zlib
• https://github.com/dbry/WavPack
• https://github.com/audreyt/module-signature
• https://github.com/tats/w3m
• https://github.com/libarchive/libarchive
• https://github.com/Perl/perl5
• https://github.com/libgd/libgd
• https://github.com/ntp-project/ntp
• https://github.com/LibVNC/libvncserver
• https://github.com/openvswitch/ovs
• https://github.com/newsoft/libvncserver
• https://github.com/rubygems/rubygems
• https://github.com/mm2/Little-CMS
• https://github.com/memcached/memcached
• https://github.com/erikd/libsndfile
• https://github.com/dosfstools/dosfstools
• https://github.com/php/php-src
• https://github.com/WebKit/webkit
• https://github.com/lxc/lxcfs
• https://github.com/bagder/curl
• https://github.com/vrtadmin/clamav-devel
• https://github.com/bcgit/bc-java
• git://git.openssl.org/openssl.git
• https://github.com/mdadams/jasper
• https://github.com/pyca/cryptography
• https://github.com/opencontainers/runc
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/openbsd/src
• https://github.com/openssh/openssh-portable
• https://github.com/openstack/glance
• https://github.com/mongodb/mongo-python-driver
• https://github.com/jpirko/libndp
• https://github.com/FFmpeg/FFmpeg
• https://github.com/requests/requests
• https://github.com/glennrp/libpng
• https://github.com/vim/vim
• https://github.com/rdoc/rdoc
• https://github.com/ansible/ansible
• https://github.com/hexchat/hexchat
• https://github.com/GNOME/pango
• https://github.com/stoth68000/media-tree
• https://github.com/ImageMagick/ImageMagick6
• https://github.com/kennethreitz/requests
• https://github.com/lxml/lxml
• https://github.com/beanshell/beanshell
• https://github.com/git/git
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/mysql/mysql-server
• https://github.com/dovecot/core
• https://github.com/openstack/nova-lxd
• https://github.com/apple/cups
• https://github.com/derickr/timelib
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/puppetlabs/puppet
• https://github.com/lxc/lxc
• https://github.com/flori/json
• https://github.com/qpdf/qpdf
• https://github.com/TeX-Live/texlive-source
• https://github.com/liblouis/liblouis
• https://github.com/lavv17/lftp
• https://github.com/Cisco-Talos/clamav-devel
• https://github.com/moinwiki/moin-1.9
• https://github.com/libimobiledevice/libimobiledevice
• https://github.com/wikimedia/mediawiki
• https://github.com/kohler/t1utils
• https://github.com/khaledhosny/ots
• https://github.com/jmacd/xdelta-devel
• https://github.com/quassel/quassel
• https://github.com/openstack/nova

#Vulnerabilities

4109

Date	Id	Summary	Products	Score	Patch	Annotated
2018-10-29	CVE-2018-18710	An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.	Ubuntu_linux, Debian_linux, Linux_kernel	5.5
2018-10-26	CVE-2018-18690	In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.	Ubuntu_linux, Debian_linux, Linux_kernel	5.5
2018-10-25	CVE-2018-18653	The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.	Ubuntu_linux	7.8
2019-02-05	CVE-2018-18504	A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65.	Ubuntu_linux, Firefox	9.8
2019-02-05	CVE-2018-18503	When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.	Ubuntu_linux, Firefox	8.8
2019-02-05	CVE-2018-18502	Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.	Ubuntu_linux, Firefox	9.8
2019-02-05	CVE-2018-18501	Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation	9.8
2019-02-05	CVE-2018-18500	A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	9.8
2019-02-28	CVE-2018-18494	A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	6.5
2019-02-28	CVE-2018-18493	A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.	Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Thunderbird, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	9.8