Canonical: >> Ubuntu Linux >> 16.04 Security Vulnerabilities
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
CVSS Score
4.2
EPSS Score
0.0
Published
2018-07-26
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
CVSS Score
6.1
EPSS Score
0.027
Published
2018-07-26
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
CVSS Score
6.5
EPSS Score
0.008
Published
2018-07-25
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
CVSS Score
5.5
EPSS Score
0.009
Published
2018-07-25
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
CVSS Score
9.8
EPSS Score
0.011
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-07-20
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
CVSS Score
5.3
EPSS Score
0.02
Published
2018-07-19