Ubuntu_linux - Vulncode-DB

Date	Id	Summary	Products	Score
2019-01-11	CVE-2018-16864	An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.	Ubuntu_linux, Debian_linux, Systemd, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization	7.8
2018-09-10	CVE-2018-14625	A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.	Ubuntu_linux, Linux_kernel	7.0
2018-08-24	CVE-2018-14599	An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.	Ubuntu_linux, Debian_linux, Fedora, Libx11	9.8
2018-08-24	CVE-2018-14598	An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).	Ubuntu_linux, Debian_linux, Fedora, Libx11	7.5
2018-07-05	CVE-2018-12910	The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.	Ubuntu_linux, Debian_linux, Libsoup, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Openshift_container_platform	9.8
2018-06-08	CVE-2018-12020	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	Ubuntu, Ubuntu_linux, Debian_linux, Gnupg, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	7.5
2018-09-25	CVE-2018-11763	In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.	Http_server, Ubuntu_linux, Storage_automation_store, Enterprise_manager_ops_center, Hospitality_guest_access, Instantis_enterprisetrack, Retail_xstore_point_of_service, Secure_global_desktop, Enterprise_linux	5.9
2018-06-11	CVE-2018-10360	The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.	Ubuntu_linux, File, Leap	6.5
2018-07-16	CVE-2018-0360	ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.	Ubuntu_linux, Clamav, Debian_linux	5.5
2018-01-02	CVE-2017-1000422	Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution	Ubuntu_linux, Debian_linux, Gdk\-Pixbuf	8.8

Product: Ubuntu_linux (Canonical)

Product:
Ubuntu_linux
(Canonical)