Canonical: >> Ubuntu Linux >> 17.10 Security Vulnerabilities
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-05-31
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-05-30
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
CVSS Score
7.8
EPSS Score
0.397
Published
2018-05-30
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-05-29
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
CVSS Score
5.5
EPSS Score
0.015
Published
2018-05-28
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-05-25
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
CVSS Score
5.5
EPSS Score
0.005
Published
2018-05-24
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-05-24
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
CVSS Score
9.1
EPSS Score
0.026
Published
2018-05-24
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-05-24