Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-05-08 | CVE-2018-8897 | A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs),... | Mac_os_x, Ubuntu_linux, Xenserver, Debian_linux, Freebsd, Enterprise_linux_server, Enterprise_linux_workstation, Enterprise_virtualization_manager, Diskstation_manager, Skynas, Xen | 7.8 | ||
| 2018-03-28 | CVE-2018-8885 | screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call. | Screen\-Resolution\-Extra, Ubuntu_linux | 7.0 | ||
| 2018-03-10 | CVE-2018-8043 | The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). | Ubuntu_linux, Linux_kernel | 5.5 | ||
| 2018-03-08 | CVE-2018-7755 | An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. | Ubuntu_linux, Linux_kernel | 5.5 | ||
| 2018-03-07 | CVE-2018-7752 | GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. | Ubuntu_linux, Debian_linux, Gpac | 7.8 | ||
| 2018-03-07 | CVE-2018-7740 | The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host | 5.5 | ||
| 2018-02-27 | CVE-2018-7549 | In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | Ubuntu_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Zsh | 7.5 | ||
| 2018-02-27 | CVE-2018-7548 | In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. | Ubuntu_linux, Zsh | 9.8 | ||
| 2018-03-09 | CVE-2018-7537 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | Ubuntu_linux, Debian_linux, Django | 5.3 | ||
| 2018-02-26 | CVE-2018-7492 | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. | Ubuntu_linux, Debian_linux, Linux_kernel | 5.5 |