Canonical Ubuntu Linux vulnerabilities

CVE-2018-14851 [MEDIUM] CWE-125 CVE-2018-14851: exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x be exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

CVE-2015-9262 [CRITICAL] CWE-119 CVE-2015-9262: _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause deni _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.

CVE-2018-8034 [HIGH] CWE-295 CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled b The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

CVE-2018-10916 [MEDIUM] CWE-20 CVE-2018-10916: It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current worki

CVE-2017-7518 [HIGH] CWE-250 CVE-2017-7518: A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the tra A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux

CVE-2018-10903 [HIGH] CWE-20 CVE-2018-10903: A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passi

CVE-2016-9597 [HIGH] CVE-2016-9597: It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actua It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

CVE-2018-10883 [MEDIUM] CWE-787 CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds writ A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

CVE-2018-14734 [HIGH] CWE-416 CVE-2018-14734: drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to ac drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).

CVE-2018-14682 [HIGH] CWE-193 CVE-2018-14682: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

CVE-2018-14678 [HIGH] CWE-665 CVE-2018-14678: An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_ An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a

CVE-2018-14681 [HIGH] CWE-787 CVE-2018-14681: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KW An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

CVE-2018-14679 [MEDIUM] CWE-193 CVE-2018-14679: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).

CVE-2018-14680 [MEDIUM] CWE-20 CVE-2018-14680: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

CVE-2017-15118 [CRITICAL] CWE-121 CVE-2017-15118: A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2. A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overf

CVE-2017-15119 [HIGH] CWE-400 CVE-2017-15119: The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.

CVE-2018-1056 [HIGH] CWE-122 CVE-2018-1056: An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled p An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

CVE-2018-14609 [MEDIUM] CWE-476 CVE-2018-14609: An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.

CVE-2018-14617 [MEDIUM] CWE-476 CVE-2018-14617: An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.

CVE-2018-10882 [MEDIUM] CWE-787 CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.