Canonical Ubuntu Linux vulnerabilities

CVE-2018-1000122 [CRITICAL] CWE-125 CVE-2018-1000122: A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

CVE-2018-1000120 [CRITICAL] CWE-787 CVE-2018-1000120: A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that al A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

CVE-2018-1000121 [HIGH] CWE-476 CVE-2018-1000121: A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service

CVE-2018-1000127 [HIGH] CWE-190 CVE-2018-1000127: memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in

CVE-2018-1057 [HIGH] CWE-863 CVE-2018-1057: On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

CVE-2018-1000097 [HIGH] CWE-119 CVE-2018-1000097: Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affe Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run

CVE-2018-1050 [MEDIUM] CWE-476 CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC s All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

CVE-2018-8087 [MEDIUM] CWE-772 CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.

CVE-2018-1000085 [MEDIUM] CWE-125 CVE-2018-1000085: ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commi

CVE-2016-9600 [MEDIUM] CWE-476 CVE-2016-9600: JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded cr JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

CVE-2018-7858 [MEDIUM] CWE-125 CVE-2018-7858: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local g Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

CVE-2018-8043 [MEDIUM] CWE-476 CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15 The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

CVE-2018-1071 [MEDIUM] CWE-121 CVE-2018-1071: zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() fun zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

CVE-2018-7536 [MEDIUM] CWE-185 CVE-2018-7536: An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the u

CVE-2018-7995 [MEDIUM] CWE-362 CVE-2018-7995: Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the L Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this re

CVE-2018-7537 [MEDIUM] CWE-185 CVE-2018-7537: An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If d An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods ar

CVE-2018-7183 [CRITICAL] CWE-787 CVE-2018-7183: Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote atta Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

CVE-2018-7755 [MEDIUM] CWE-200 CVE-2018-7755: An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kerne An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kern

CVE-2018-7752 [HIGH] CVE-2018-7752: GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_par GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

CVE-2018-7740 [MEDIUM] CWE-119 CVE-2018-7740: The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.