Canonical Ubuntu Linux vulnerabilities

4,102 known vulnerabilities affecting canonical/ubuntu_linux.

Total CVEs

4,102

CISA KEV

actively exploited

Public exploits

271

Exploited in wild

Severity breakdown

CRITICAL545HIGH1396MEDIUM1945LOW216

Vulnerabilities

Page 111 of 206

CVE-2018-2612MEDIUMCVSS 6.5v14.04v16.04+1 more2018-01-18

CVE-2018-2612 [MEDIUM] CVE-2018-2612: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versio Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth

nvd

CVE-2018-2634MEDIUMCVSS 6.8v14.04v16.04+1 more2018-01-18

CVE-2018-2634 [MEDIUM] CVE-2018-2634: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Sup Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vuln

nvd

CVE-2018-2665MEDIUMCVSS 6.5v12.04v14.04+2 more2018-01-18

CVE-2018-2665 [MEDIUM] CVE-2018-2665: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner

nvd

CVE-2018-2629MEDIUMCVSS 5.3v14.04v16.04+1 more2018-01-18

CVE-2018-2629 [MEDIUM] CVE-2018-2629: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: J Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java S

nvd

CVE-2018-2582MEDIUMCVSS 6.5v16.04v17.102018-01-18

CVE-2018-2582 [MEDIUM] CVE-2018-2582: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks re

nvd

CVE-2018-2640MEDIUMCVSS 6.5v12.04v14.04+2 more2018-01-18

CVE-2018-2640 [MEDIUM] CVE-2018-2640: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulner

nvd

CVE-2018-2579LOWCVSS 3.7v14.04v16.04+1 more2018-01-18

CVE-2018-2579 [LOW] CVE-2018-2579: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java

nvd

CVE-2018-5764HIGHCVSS 7.5v14.04v16.04+1 more2018-01-17

CVE-2018-5764 [HIGH] CVE-2018-5764: The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

nvd

CVE-2018-5711MEDIUMCVSS 5.5v14.04v16.04+1 more2018-01-16

CVE-2018-5711 [MEDIUM] CWE-681 CVE-2018-5711: gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.2 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_

nvd

CVE-2018-5712MEDIUMCVSS 6.1v12.04v14.04+2 more2018-01-16

CVE-2018-5712 [MEDIUM] CWE-79 CVE-2018-5712: An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x be An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

nvd

CVE-2018-5345HIGHCVSS 7.8v16.04v17.102018-01-12

CVE-2018-5345 [HIGH] CWE-787 CVE-2018-5345: A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attacker A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

nvd

CVE-2018-5344HIGHCVSS 7.8v12.04v14.04+2 more2018-01-12

CVE-2018-5344 [HIGH] CWE-362 CVE-2018-5344: In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.

nvd

CVE-2017-18029MEDIUMCVSS 6.5v14.04v16.04+2 more2018-01-12

CVE-2017-18029 [MEDIUM] CWE-772 CVE-2017-18029: In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in c In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

nvd

CVE-2018-5358MEDIUMCVSS 6.5v14.04v16.04+2 more2018-01-12

CVE-2018-5358 [MEDIUM] CWE-772 CVE-2018-5358: ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.

nvd

CVE-2017-18028MEDIUMCVSS 6.5v14.04v16.04+2 more2018-01-12

CVE-2017-18028 [MEDIUM] CWE-770 CVE-2017-18028: In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImag In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.

nvd

CVE-2017-18027MEDIUMCVSS 6.5v14.04v16.04+2 more2018-01-12

CVE-2017-18027 [MEDIUM] CWE-772 CVE-2017-18027: In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in co In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

nvd

CVE-2018-5357MEDIUMCVSS 6.5v14.04v16.04+2 more2018-01-12

CVE-2018-5357 [MEDIUM] CWE-772 CVE-2018-5357: ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.

nvd

CVE-2018-5332HIGHCVSS 7.8v12.04v14.04+2 more2018-01-11

CVE-2018-5332 [HIGH] CWE-787 CVE-2018-5332: In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

nvd

CVE-2018-5333MEDIUMCVSS 5.5PoCv12.04v14.04+2 more2018-01-11

CVE-2018-5333 [MEDIUM] CWE-476 CVE-2018-5333: In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

nvd

CVE-2017-15129MEDIUMCVSS 4.7v14.04v16.04+1 more2018-01-09

CVE-2017-15129 [MEDIUM] CWE-362 CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel befor A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an

nvd

← Previous111 / 206Next →