Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-05-05 | CVE-2016-3714 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | Ubuntu_linux, Debian_linux, Imagemagick, Leap, Opensuse, Suse_linux_enterprise_server | 8.4 | ||
| 2017-03-23 | CVE-2016-9388 | The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | Ubuntu_linux, Jasper | 5.5 | ||
| 2017-03-27 | CVE-2016-9243 | HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | Ubuntu_linux, Cryptography, Fedora | 7.5 | ||
| 2024-01-08 | CVE-2021-3600 | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. | Ubuntu_linux, Fedora, Linux_kernel, Enterprise_linux | 7.8 | ||
| 2018-06-01 | CVE-2016-1000338 | In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Ubuntu_linux, 7\-Mode_transition_tool, Satellite, Satellite_capsule | 7.5 | ||
| 2017-05-23 | CVE-2016-9842 | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib | 8.8 | ||
| 2023-08-14 | CVE-2023-40283 | An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. | Ubuntu_linux, Debian_linux, Linux_kernel | 7.8 | ||
| 2023-09-06 | CVE-2023-3777 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. | Ubuntu_linux, Debian_linux, Linux_kernel | 7.8 | ||
| 2024-01-08 | CVE-2022-2585 | It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | Ubuntu_linux, Linux_kernel | 7.8 | ||
| 2024-01-08 | CVE-2022-2588 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | Ubuntu_linux, Linux_kernel | 7.8 |