Canonical Ubuntu Linux vulnerabilities

CVE-2018-7184 [HIGH] CVE-2018-7184: ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, whic ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix

CVE-2018-7185 [HIGH] CVE-2018-7185: The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of serv The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

CVE-2018-7182 [HIGH] CWE-125 CVE-2018-7182: The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a den The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.

CVE-2018-1000100 [HIGH] CWE-119 CVE-2018-1000100: GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_e GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.

CVE-2018-7726 [MEDIUM] CWE-119 CVE-2018-7726: An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_dir An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-7725 [MEDIUM] CWE-119 CVE-2018-7725: An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.

CVE-2018-7730 [MEDIUM] CWE-125 CVE-2018-7730: An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.

CVE-2018-7729 [MEDIUM] CWE-125 CVE-2018-7729: An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the Post An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

CVE-2018-7728 [MEDIUM] CWE-125 CVE-2018-7728: An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp misha An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.

CVE-2018-7731 [MEDIUM] CWE-476 CVE-2018-7731: An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.

CVE-2018-1000115 [HIGH] CWE-400 CVE-2018-1000115: Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplific Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via netwo

CVE-2018-1058 [HIGH] CWE-20 CVE-2018-1058: A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other us A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

CVE-2018-1066 [MEDIUM] CWE-476 CVE-2018-1066: The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencr The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.

CVE-2017-15130 [MEDIUM] CWE-400 CVE-2017-15130: A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.

CVE-2018-7584 [CRITICAL] CWE-119 CVE-2018-7584: In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.

CVE-2017-18211 [CRITICAL] CWE-476 CVE-2017-18211: In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryC In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.

CVE-2017-18209 [HIGH] CWE-476 CVE-2017-18209: In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointe In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.

CVE-2018-7550 [HIGH] CWE-125 CVE-2018-7550: The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest O The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

CVE-2018-1304 [MEDIUM] CVE-2018-1304: The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly ha The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access

CVE-2018-7548 [CRITICAL] CWE-476 CVE-2018-7548: In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an emp In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.