Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-28 | CVE-2018-20545 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. | Ubuntu_linux, Fedora, Libcaca, Leap | 8.8 | ||
| 2018-12-28 | CVE-2018-20546 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. | Ubuntu_linux, Debian_linux, Fedora, Libcaca, Leap | 8.1 | ||
| 2018-12-28 | CVE-2018-20547 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. | Ubuntu_linux, Debian_linux, Fedora, Libcaca, Leap | 8.1 | ||
| 2018-12-28 | CVE-2018-20548 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. | Ubuntu_linux, Fedora, Libcaca, Leap | 8.8 | ||
| 2018-12-28 | CVE-2018-20549 | There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. | Ubuntu_linux, Debian_linux, Fedora, Libcaca, Leap | 8.8 | ||
| 2019-01-02 | CVE-2019-3500 | aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | Aria2, Ubuntu_linux, Debian_linux, Fedora | 7.8 | ||
| 2019-01-03 | CVE-2018-20662 | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | Ubuntu_linux, Debian_linux, Fedora, Poppler, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 6.5 | ||
| 2019-01-09 | CVE-2019-3498 | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. | Ubuntu_linux, Debian_linux, Django, Fedora | 6.5 | ||
| 2019-01-11 | CVE-2018-4207 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux, Webkitgtk\+ | 8.8 | ||
| 2019-01-11 | CVE-2018-4208 | In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. | Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux, Webkitgtk\+ | 8.8 |