National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
There are 1,666 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2018-5815

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

Published: December 07, 2018; 05:29:01 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 7.1 HIGH
CVE-2018-5813

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

Published: December 07, 2018; 05:29:01 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 7.1 HIGH
CVE-2018-5812

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

Published: December 07, 2018; 05:29:01 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-5811

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

Published: December 07, 2018; 05:29:01 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-5810

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

Published: December 07, 2018; 05:29:01 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-5807

An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

Published: December 07, 2018; 05:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-5802

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

Published: December 07, 2018; 05:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-5801

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

Published: December 07, 2018; 05:29:00 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-5800

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

Published: December 07, 2018; 05:29:00 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-16910

An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

Published: December 07, 2018; 05:29:00 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-16909

An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

Published: December 07, 2018; 05:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Published: December 07, 2018; 04:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

Published: December 07, 2018; 04:29:00 PM -05:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Published: December 07, 2018; 04:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-9568

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

Published: December 06, 2018; 09:29:01 AM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Published: December 05, 2018; 05:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-19854

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).

Published: December 04, 2018; 11:29:00 AM -05:00
V3.0: 4.7 MEDIUM
    V2: 1.9 LOW
CVE-2018-19841

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

Published: December 04, 2018; 04:29:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-19840

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

Published: December 04, 2018; 04:29:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-19824

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

Published: December 03, 2018; 12:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM