Canonical Ubuntu Linux vulnerabilities

CVE-2018-8780 [CRITICAL] CWE-22 CVE-2018-8780: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.

CVE-2018-4118 [HIGH] CWE-119 CVE-2018-4118: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (

CVE-2017-13885 [HIGH] CWE-119 CVE-2017-13885: An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of servi

CVE-2018-6914 [HIGH] CWE-22 CVE-2018-6914: Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2. Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.

CVE-2018-4127 [HIGH] CWE-119 CVE-2018-4127: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (

CVE-2017-13884 [HIGH] CWE-119 CVE-2017-13884: An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary

CVE-2018-4125 [HIGH] CWE-119 CVE-2018-4125: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary cod

CVE-2018-8778 [HIGH] CWE-134 CVE-2018-8778: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.

CVE-2018-4122 [HIGH] CWE-119 CVE-2018-4122: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary cod

CVE-2018-4088 [HIGH] CWE-119 CVE-2018-4088: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13 An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows

CVE-2017-7161 [HIGH] CWE-77 CVE-2017-7161: An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue invol An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.

CVE-2018-4163 [HIGH] CWE-119 CVE-2018-4163: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary cod

CVE-2018-4161 [HIGH] CWE-119 CVE-2018-4161: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary cod

CVE-2018-8777 [HIGH] CWE-400 CVE-2018-8777: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

CVE-2018-4129 [HIGH] CWE-119 CVE-2018-4129: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary cod

CVE-2018-4165 [HIGH] CWE-119 CVE-2018-4165: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (

CVE-2018-4162 [HIGH] CWE-119 CVE-2018-4162: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary cod

CVE-2018-4120 [HIGH] CWE-119 CVE-2018-4120: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (

CVE-2017-7165 [HIGH] CWE-119 CVE-2017-7165: An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary c

CVE-2018-9240 [HIGH] CWE-476 CVE-2018-9240: ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and a ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.