Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-27 | CVE-2019-16928 | Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | Ubuntu_linux, Debian_linux, Exim, Fedora | 9.8 | ||
| 2016-03-29 | CVE-2016-1646 | The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. | Ubuntu_linux, Debian_linux, Chrome, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Package_hub | 8.8 | ||
| 2025-02-28 | CVE-2025-26466 | A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. | Ubuntu_linux, Debian_linux, Openssh | N/A | ||
| 2019-07-09 | CVE-2019-13454 | ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. | Ubuntu_linux, Debian_linux, Imagemagick, Leap | 6.5 | ||
| 2020-08-13 | CVE-2020-16297 | A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2020-08-13 | CVE-2020-16304 | A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2020-08-13 | CVE-2020-16291 | A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2010-12-06 | CVE-2010-3904 | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | Ubuntu_linux, Linux_kernel, Opensuse, Enterprise_linux, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Esxi | 7.8 | ||
| 2021-04-17 | CVE-2021-3493 | The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. | Ubuntu_linux | 7.8 | ||
| 2024-01-08 | CVE-2022-2586 | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | Ubuntu_linux, Linux_kernel | 7.8 |