Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-09-21 | CVE-2017-14633 | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | Ubuntu_linux, Debian_linux, Libvorbis | 6.5 | ||
| 2017-09-21 | CVE-2017-14632 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | Ubuntu_linux, Debian_linux, Libvorbis | 9.8 | ||
| 2018-09-05 | CVE-2018-13259 | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. | Ubuntu_linux, Zsh | 9.8 | ||
| 2018-09-05 | CVE-2018-0502 | An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. | Ubuntu_linux, Zsh | 9.8 | ||
| 2018-02-27 | CVE-2017-18206 | In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | Ubuntu_linux, Zsh | 9.8 | ||
| 2018-08-05 | CVE-2018-14938 | An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). | Ubuntu_linux, Tcpflow | 9.1 | ||
| 2018-12-02 | CVE-2018-19787 | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. | Ubuntu_linux, Debian_linux, Lxml | 6.1 | ||
| 2018-12-07 | CVE-2018-5800 | An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | Ubuntu_linux, Debian_linux, Libraw, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2015-11-19 | CVE-2014-9756 | The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. | Ubuntu_linux, Libsndfile, Leap, Opensuse | N/A | ||
| 2015-01-16 | CVE-2014-9496 | The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. | Ubuntu_linux, Debian_linux, Libsndfile, Opensuse, Solaris | N/A |