Total
4161 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16151 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. | |||||
| CVE-2018-16140 | 2 Canonical, Fig2dev Project | 2 Ubuntu Linux, Fig2dev | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | |||||
| CVE-2018-16062 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
| CVE-2018-15911 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | |||||
| CVE-2018-15910 | 5 Artifex, Canonical, Debian and 2 more | 9 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 6 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | |||||
| CVE-2018-15909 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | |||||
| CVE-2018-15908 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | |||||
| CVE-2018-15864 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. | |||||
| CVE-2018-15863 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. | |||||
| CVE-2018-15862 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. | |||||
| CVE-2018-15861 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. | |||||
| CVE-2018-15859 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. | |||||
| CVE-2018-15858 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. | |||||
| CVE-2018-15857 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. | |||||
| CVE-2018-15856 | 2 Canonical, Xkbcommon | 2 Ubuntu Linux, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | |||||
| CVE-2018-15855 | 2 Canonical, Xkbcommon Project | 2 Ubuntu Linux, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. | |||||
| CVE-2018-15854 | 2 Canonical, Xkbcommon Project | 2 Ubuntu Linux, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. | |||||
| CVE-2018-15853 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. | |||||
| CVE-2018-15822 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | |||||
| CVE-2018-15688 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | |||||