Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-07 | CVE-2018-19931 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. | Ubuntu_linux, Binutils, Vasa_provider | 7.8 | ||
| 2018-12-07 | CVE-2018-18311 | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdriver, Perl, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
| 2018-12-07 | CVE-2018-18313 | Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. | Mac_os_x, Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdrive, Perl, Enterprise_linux | 9.1 | ||
| 2018-12-07 | CVE-2018-18314 | Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdrive, Perl, Enterprise_linux | 9.8 | ||
| 2018-12-11 | CVE-2018-18356 | An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Ubuntu_linux, Debian_linux, Chrome, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.8 | ||
| 2018-12-12 | CVE-2018-16867 | A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host. | Ubuntu_linux, Fedora, Qemu | 7.8 | ||
| 2018-12-12 | CVE-2018-20102 | An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. | Ubuntu_linux, Haproxy, Openshift_container_platform | 7.5 | ||
| 2018-12-12 | CVE-2018-20103 | An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. | Ubuntu_linux, Haproxy, Openshift_container_platform | 7.5 | ||
| 2018-12-13 | CVE-2018-19364 | hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | Ubuntu_linux, Debian_linux, Fedora, Leap, Qemu | 5.5 | ||
| 2018-12-13 | CVE-2018-19489 | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | Ubuntu_linux, Debian_linux, Fedora, Leap, Qemu | 4.7 |