Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-12-20 | CVE-2017-17786 | In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | Ubuntu_linux, Debian_linux, Gimp | 7.8 | ||
| 2017-12-20 | CVE-2017-17787 | In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | Ubuntu_linux, Debian_linux, Gimp | 7.8 | ||
| 2017-12-20 | CVE-2017-17788 | In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | Ubuntu_linux, Debian_linux, Gimp | 5.5 | ||
| 2017-12-20 | CVE-2017-17789 | In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. | Ubuntu_linux, Debian_linux, Gimp | 7.8 | ||
| 2007-03-30 | CVE-2007-1349 | PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. | Mod_perl, Ubuntu_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | N/A | ||
| 2008-05-29 | CVE-2008-1672 | OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference. | Ubuntu_linux, Openssl | N/A | ||
| 2017-01-30 | CVE-2015-7977 | ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | Ubuntu_linux, Debian_linux, Fedora, Freebsd, Clustered_data_ontap, Oncommand_balance, Ntp, Linux, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware | 5.9 | ||
| 2013-10-03 | CVE-2013-4327 | systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | Ubuntu_linux, Debian_linux, Systemd | N/A | ||
| 2016-02-08 | CVE-2015-8539 | The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. | Ubuntu_linux, Linux_kernel, Linux_enterprise_real_time_extension | 7.8 | ||
| 2016-04-27 | CVE-2016-2383 | The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. | Ubuntu_linux, Linux_kernel, Leap | 5.5 |