Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-11-15 CVE-2018-5407 Information Exposure Through Discrepancy vulnerability in multiple products
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. 		4.7
4.7
2018-11-15 CVE-2018-18954 Out-of-bounds Write vulnerability in multiple products
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
local
low complexity
qemu canonical opensuse CWE-787
5.5
5.5
2018-11-14 CVE-2018-17466 Out-of-bounds Read vulnerability in multiple products
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google redhat debian canonical CWE-125
8.8
8.8
2018-11-13 CVE-2018-16850 SQL Injection vulnerability in multiple products
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ...
network
low complexity
postgresql redhat canonical CWE-89
critical
 9.8
9.8
2018-11-12 CVE-2018-19210 NULL Pointer Dereference vulnerability in multiple products
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
network
low complexity
libtiff debian canonical CWE-476
6.5
6.5
2018-11-10 CVE-2018-19149 NULL Pointer Dereference vulnerability in multiple products
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
network
low complexity
freedesktop canonical CWE-476
6.5
6.5
2018-11-08 CVE-2018-19108 Infinite Loop vulnerability in multiple products
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
network
low complexity
exiv2 debian redhat canonical CWE-835
6.5
6.5
2018-11-08 CVE-2018-19107 Integer Overflow or Wraparound vulnerability in multiple products
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
network
low complexity
exiv2 debian redhat canonical CWE-190
6.5
6.5
2018-11-07 CVE-2018-19060 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop canonical CWE-476
6.5
6.5
2018-11-07 CVE-2018-19059 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop canonical CWE-125
6.5
6.5