National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
There are 1,638 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2018-9568

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

Published: December 06, 2018; 09:29:01 AM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Published: December 05, 2018; 05:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-19854

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).

Published: December 04, 2018; 11:29:00 AM -05:00
V3.0: 4.7 MEDIUM
    V2: 1.9 LOW
CVE-2018-19841

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

Published: December 04, 2018; 04:29:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-19840

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

Published: December 04, 2018; 04:29:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-19824

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

Published: December 03, 2018; 12:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2018-19788

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Published: December 03, 2018; 01:29:00 AM -05:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH
CVE-2018-19787

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

Published: December 02, 2018; 05:29:00 AM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-8789

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

Published: November 29, 2018; 01:29:01 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-8788

FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

Published: November 29, 2018; 01:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-8787

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

Published: November 29, 2018; 01:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-8786

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

Published: November 29, 2018; 01:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-16851

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

Published: November 28, 2018; 09:29:00 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-16841

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.

Published: November 28, 2018; 09:29:00 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-14629

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

Published: November 28, 2018; 09:29:00 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-16862

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.

Published: November 26, 2018; 02:29:00 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2018-19543

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

Published: November 25, 2018; 10:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-19541

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.

Published: November 25, 2018; 10:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

Published: November 23, 2018; 12:29:03 AM -05:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

Published: November 23, 2018; 12:29:03 AM -05:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM