Ubuntu Linux
by Canonical
CVEs (1,886)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15033 | | High | 0.49 | 7.5 | 0.02 | | Oct 5, 2017 | ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. |
| CVE-2017-6362 | | High | 0.49 | 7.5 | 0.05 | | Sep 7, 2017 | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. |
| CVE-2015-1325 | | High | 0.49 | 7.0 | 0.01 | | Aug 25, 2017 | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write… |
| CVE-2017-12836 | | High | 0.49 | 7.5 | 0.06 | | Aug 24, 2017 | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." |
| CVE-2011-5325 | | High | 0.49 | 7.5 | 0.07 | | Aug 7, 2017 | Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. |
| CVE-2017-11591 | | High | 0.49 | 7.5 | 0.03 | | Jul 24, 2017 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. |
| CVE-2015-5300 | | High | 0.49 | 7.5 | 0.09 | | Jul 21, 2017 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up… |
| CVE-2017-1000050 | | High | 0.49 | 7.5 | 0.03 | | Jul 17, 2017 | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. |
| CVE-2015-5180 | | High | 0.49 | 7.5 | 0.06 | | Jun 27, 2017 | res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). |
| CVE-2017-9022 | | High | 0.49 | 7.5 | 0.02 | | Jun 8, 2017 | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. |
| CVE-2017-7645 | | High | 0.49 | 7.5 | 0.06 | | Apr 18, 2017 | The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. |
| CVE-2016-6489 | | High | 0.49 | 7.5 | 0.05 | | Apr 14, 2017 | The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. |
| CVE-2014-9851 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). |
| CVE-2014-9850 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). |
| CVE-2014-9849 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). |
| CVE-2014-9848 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). |
| CVE-2014-9842 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| CVE-2014-9854 | | High | 0.49 | 7.5 | 0.04 | | Mar 17, 2017 | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." |
| CVE-2017-6960 | | High | 0.49 | 7.5 | 0.02 | | Mar 17, 2017 | An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable. |
| CVE-2016-10109 | | High | 0.49 | 7.5 | 0.04 | | Feb 23, 2017 | Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. |