Ubuntu_linux - Vulncode-DB

Date	Id	Summary	Products	Score
2018-07-26	CVE-2018-10881	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.	Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_server, Enterprise_linux_workstation	5.5
2018-07-27	CVE-2018-10882	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.	Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux	5.5
2018-07-30	CVE-2016-9597	It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.	Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Leap, Libxml2	7.5
2018-07-30	CVE-2018-10883	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.	Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.5
2018-08-22	CVE-2018-10844	It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.	Ubuntu_linux, Debian_linux, Fedora, Gnutls, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.9
2018-08-21	CVE-2018-10902	It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.	Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	7.8
2018-08-22	CVE-2018-10845	It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.	Ubuntu_linux, Debian_linux, Fedora, Gnutls, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.9
2018-08-22	CVE-2018-10846	A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.	Ubuntu_linux, Debian_linux, Fedora, Gnutls, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.6
2018-09-10	CVE-2018-14625	A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.	Ubuntu_linux, Debian_linux, Linux_kernel	7.0
2018-09-10	CVE-2016-7056	A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.	Ubuntu_linux, Debian_linux, Openssl, Enterprise_linux	5.5

Product: Ubuntu_linux (Canonical)

Product:
Ubuntu_linux
(Canonical)