Filtered by vendor Canonical Subscriptions
Total 4218 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-20481 4 Canonical, Debian, Freedesktop and 1 more 4 Ubuntu Linux, Debian Linux, Poppler and 1 more 2024-11-21 N/A
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
CVE-2018-20467 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 6.5 Medium
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVE-2018-20216 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2024-11-21 7.5 High
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
CVE-2018-20191 3 Canonical, Fedoraproject, Qemu 3 Ubuntu Linux, Fedora, Qemu 2024-11-21 7.5 High
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
CVE-2018-20185 3 Canonical, Debian, Graphicsmagick 3 Ubuntu Linux, Debian Linux, Graphicsmagick 2024-11-21 5.3 Medium
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.
CVE-2018-20169 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2024-11-21 6.8 Medium
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVE-2018-20126 3 Canonical, Opensuse, Qemu 3 Ubuntu Linux, Leap, Qemu 2024-11-21 5.5 Medium
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
CVE-2018-20125 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2024-11-21 7.5 High
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
CVE-2018-20124 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2024-11-21 5.5 Medium
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.
CVE-2018-20123 3 Canonical, Fedoraproject, Qemu 3 Ubuntu Linux, Fedora, Qemu 2024-11-21 5.5 Medium
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
CVE-2018-20103 3 Canonical, Haproxy, Redhat 5 Ubuntu Linux, Haproxy, Openshift and 2 more 2024-11-21 N/A
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.
CVE-2018-20102 3 Canonical, Haproxy, Redhat 5 Ubuntu Linux, Haproxy, Openshift and 2 more 2024-11-21 N/A
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size.
CVE-2018-20024 3 Canonical, Debian, Libvnc Project 3 Ubuntu Linux, Debian Linux, Libvncserver 2024-11-21 N/A
LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
CVE-2018-20023 3 Canonical, Debian, Libvnc Project 3 Ubuntu Linux, Debian Linux, Libvncserver 2024-11-21 N/A
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
CVE-2018-20022 3 Canonical, Debian, Libvnc Project 3 Ubuntu Linux, Debian Linux, Libvncserver 2024-11-21 N/A
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR
CVE-2018-20021 3 Canonical, Debian, Libvnc Project 3 Ubuntu Linux, Debian Linux, Libvncserver 2024-11-21 N/A
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
CVE-2018-20020 3 Canonical, Debian, Libvnc Project 3 Ubuntu Linux, Debian Linux, Libvncserver 2024-11-21 N/A
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
CVE-2018-20019 4 Canonical, Debian, Libvnc Project and 1 more 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more 2024-11-21 9.8 Critical
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
CVE-2018-1336 4 Apache, Canonical, Debian and 1 more 12 Tomcat, Ubuntu Linux, Debian Linux and 9 more 2024-11-21 7.5 High
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
CVE-2018-1333 4 Apache, Canonical, Netapp and 1 more 7 Http Server, Ubuntu Linux, Cloud Backup and 4 more 2024-11-21 N/A
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).