Search CVE reports

41841 – 41850 of 69503 results

Detailed view

Sort by:

CVE-2018-11761

Low priority

Needs evaluation

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

1 affected package

tika

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tika	Needs evaluation	Not affected	Not affected	Not affected	Needs evaluation

CVE-2018-17206

Medium priority

Fixed

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

1 affected package

openvswitch

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openvswitch	—	—	—	—	Fixed

CVE-2018-17205

Medium priority

Fixed

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be...

1 affected package

openvswitch

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openvswitch	—	—	—	—	Fixed

CVE-2018-17204

Medium priority

Fixed

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has...

1 affected package

openvswitch

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openvswitch	—	—	—	—	Fixed

CVE-2018-17183

Medium priority

Fixed

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.

1 affected package

ghostscript

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ghostscript	—	—	—	—	Fixed

CVE-2018-17182

High priority

Some fixes available 20 of 22

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain...

77 affected packages

linux, linux-aws, linux-aws-5.15, linux-aws-5.4, linux-aws-6.8...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	Not affected	Not affected	Not affected	Fixed
linux-aws	—	Not affected	Not affected	Not affected	Fixed
linux-aws-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-aws-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-aws-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-aws-fips	—	Not in release	Not affected	Not affected	Not affected
linux-aws-hwe	—	Not in release	Not in release	Not in release	Not in release
linux-azure	—	Not affected	Not affected	Not affected	Fixed
linux-azure-4.15	—	Not in release	Not in release	Not in release	Not affected
linux-azure-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-azure-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-azure-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-azure-edge	—	Not in release	Not in release	Not in release	Not affected
linux-azure-fde	—	Not affected	Not affected	Ignored	Not in release
linux-azure-fde-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-azure-fips	—	Not in release	Not affected	Not affected	Not affected
linux-bluefield	—	Not in release	Not in release	Not affected	Not in release
linux-euclid	—	—	—	—	Not in release
linux-fips	—	Not in release	Not affected	Not affected	Not affected
linux-flo	—	—	—	—	Not in release
linux-gcp	—	Not affected	Not affected	Not affected	Fixed
linux-gcp-4.15	—	Not in release	Not in release	Not in release	Not affected
linux-gcp-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-gcp-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-gcp-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-gcp-fips	—	Not in release	Not affected	Not affected	Not affected
linux-gke	—	Not affected	Not affected	Ignored	Not in release
linux-gkeop	—	Not affected	Not affected	Not affected	Not in release
linux-gkeop-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-goldfish	—	—	—	—	Not in release
linux-grouper	—	—	—	—	Not in release
linux-hwe	—	Not in release	Not in release	Not in release	Not affected
linux-hwe-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-hwe-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-hwe-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-hwe-edge	—	Not in release	Not in release	Not in release	Not affected
linux-ibm	—	Not affected	Not affected	Not affected	Not in release
linux-ibm-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-ibm-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-intel	—	Not affected	Not in release	Not in release	Not in release
linux-intel-iot-realtime	—	Not in release	Not affected	Not in release	Not in release
linux-intel-iotg	—	Not in release	Not affected	Not in release	Not in release
linux-intel-iotg-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-iot	—	Not in release	Not in release	Not affected	Not in release
linux-kvm	—	Not in release	Not affected	Not affected	Fixed
linux-lowlatency	—	Not affected	Not affected	Not in release	Not in release
linux-lowlatency-hwe-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-lowlatency-hwe-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-lts-trusty	—	—	—	—	Not in release
linux-lts-utopic	—	—	—	—	Not in release
linux-lts-vivid	—	—	—	—	Not in release
linux-lts-wily	—	—	—	—	Not in release
linux-lts-xenial	—	Not in release	Not in release	Not in release	Not in release
linux-maguro	—	—	—	—	Not in release
linux-mako	—	—	—	—	Not in release
linux-manta	—	—	—	—	Not in release
linux-nvidia	—	Not affected	Not affected	Not in release	Not in release
linux-nvidia-6.5	—	Not in release	Not affected	Not in release	Not in release
linux-nvidia-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-nvidia-lowlatency	—	Not affected	Not in release	Not in release	Not in release
linux-oem	—	Not in release	Not in release	Not in release	Fixed
linux-oem-6.11	—	Not affected	Not in release	Not in release	Not in release
linux-oem-6.8	—	Not affected	Not in release	Not in release	Not in release
linux-oracle	—	Not affected	Not affected	Not affected	Not affected
linux-oracle-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-oracle-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-oracle-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-raspi	—	Not affected	Not affected	Not affected	Not in release
linux-raspi-5.4	—	Not in release	Not in release	Not in release	Not affected
linux-raspi-realtime	—	Not affected	Not in release	Not in release	Not in release
linux-raspi2	—	Not in release	Not in release	Ignored	Fixed
linux-realtime	—	Not affected	Not affected	Not in release	Not in release
linux-riscv	—	Not affected	Ignored	Ignored	Not in release
linux-riscv-5.15	—	Not in release	Not in release	Not affected	Not in release
linux-riscv-6.8	—	Not in release	Not affected	Not in release	Not in release
linux-snapdragon	—	Not in release	Not in release	Not in release	Not affected
linux-xilinx-zynqmp	—	Not in release	Not affected	Not affected	Not in release

CVE-2018-16515

Medium priority

Some fixes available 1 of 2

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

1 affected package

matrix-synapse

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
matrix-synapse	—	—	Not affected	Not affected	Fixed

CVE-2018-13982

Medium priority

Some fixes available 1 of 2

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the...

1 affected package

smarty3

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
smarty3	—	—	Not affected	Not affected	Fixed

CVE-2018-11832

Low priority

Not affected

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow.

24 affected packages

linux, linux-aws, linux-azure, linux-azure-edge, linux-euclid...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	—	—	—	Not affected
linux-aws	—	—	—	—	Not affected
linux-azure	—	—	—	—	Not affected
linux-azure-edge	—	—	—	—	Not affected
linux-euclid	—	—	—	—	Not in release
linux-flo	—	—	—	—	Not in release
linux-gcp	—	—	—	—	Not affected
linux-gke	—	—	—	—	Not in release
linux-goldfish	—	—	—	—	Not in release
linux-grouper	—	—	—	—	Not in release
linux-hwe	—	—	—	—	Not affected
linux-hwe-edge	—	—	—	—	Not affected
linux-kvm	—	—	—	—	Not affected
linux-lts-trusty	—	—	—	—	Not in release
linux-lts-utopic	—	—	—	—	Not in release
linux-lts-vivid	—	—	—	—	Not in release
linux-lts-wily	—	—	—	—	Not in release
linux-lts-xenial	—	—	—	—	Not in release
linux-maguro	—	—	—	—	Not in release
linux-mako	—	—	—	—	Not in release
linux-manta	—	—	—	—	Not in release
linux-oem	—	—	—	—	Not affected
linux-raspi2	—	—	—	—	Not affected
linux-snapdragon	—	—	—	—	Not affected

CVE-2018-17175

Low priority

Some fixes available 1 of 2

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose...

1 affected package

python-marshmallow

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-marshmallow	Not affected	Not affected	Not affected	Not affected	Fixed

Export to JSON

Results by page: