Canonical: >> Ubuntu Linux >> 16.04 Security Vulnerabilities
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.
CVSS Score
5.9
EPSS Score
0.083
Published
2020-02-19
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
CVSS Score
8.8
EPSS Score
0.165
Published
2020-02-17
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-02-14
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
CVSS Score
7.5
EPSS Score
0.008
Published
2020-02-11
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
CVSS Score
8.1
EPSS Score
0.021
Published
2020-02-11
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
CVSS Score
4.2
EPSS Score
0.001
Published
2020-02-08
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
CVSS Score
7.0
EPSS Score
0.001
Published
2020-02-08
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.
CVSS Score
6.3
EPSS Score
0.001
Published
2020-02-08
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
CVSS Score
3.3
EPSS Score
0.001
Published
2020-02-08
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
CVSS Score
3.8
EPSS Score
0.001
Published
2020-02-08