Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-01-16 | CVE-2018-5711 | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. | Ubuntu_linux, Debian_linux, Php | 5.5 | ||
| 2018-01-17 | CVE-2018-5764 | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. | Ubuntu_linux, Debian_linux, Rsync | 7.5 | ||
| 2018-01-21 | CVE-2016-10708 | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | Ubuntu_linux, Debian_linux, Cloud_backup, Clustered_data_ontap, Data_ontap, Data_ontap_edge, Oncommand_unified_manager, Service_processor, Storagegrid, Storagegrid_webscale, Vasa_provider, Openssh | 7.5 | ||
| 2018-01-23 | CVE-2018-5950 | Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | Ubuntu_linux, Debian_linux, Mailman, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 6.1 | ||
| 2018-05-31 | CVE-2018-5388 | In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. | Ubuntu_linux, Debian_linux, Strongswan | 6.5 | ||
| 2018-01-31 | CVE-2017-18043 | Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). | Ubuntu_linux, Debian_linux, Qemu | 5.5 | ||
| 2018-02-09 | CVE-2016-10712 | In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. | Ubuntu_linux, Php | 7.5 | ||
| 2018-02-13 | CVE-2018-6954 | systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. | Ubuntu_linux, Leap, Systemd | 7.8 | ||
| 2018-03-06 | CVE-2018-7728 | An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | Ubuntu_linux, Debian_linux, Exempi | 5.5 | ||
| 2018-03-06 | CVE-2018-7729 | An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. | Ubuntu_linux, Exempi | 5.5 |