Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:16.04.4:*:*:*:lts:*:*:*
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Published: April 17, 2021; 1:15:14 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

Published: April 17, 2021; 1:15:13 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-7582

The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.

Published: February 07, 2019; 1:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-7581

The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876.

Published: February 07, 2019; 1:29:00 PM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-12931

ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.

Published: June 28, 2018; 10:29:00 AM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-12930

ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.

Published: June 28, 2018; 10:29:00 AM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-12929

ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.

Published: June 28, 2018; 10:29:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2018-12928

In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.

Published: June 28, 2018; 10:29:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM