Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-08-25 CVE-2018-15854 NULL Pointer Dereference vulnerability in multiple products
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
local
low complexity
xkbcommon-project canonical CWE-476
5.5
5.5
2018-08-25 CVE-2018-15853 Resource Exhaustion vulnerability in multiple products
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
local
low complexity
xkbcommon canonical CWE-400
5.5
5.5
2018-08-24 CVE-2018-15120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
network
low complexity
gnome canonical CWE-119
6.5
6.5
2018-08-24 CVE-2018-14600 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical CWE-787
critical
 9.8
9.8
2018-08-24 CVE-2018-14599 Off-by-one Error vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject redhat CWE-193
critical
 9.8
9.8
2018-08-24 CVE-2018-14598 Improper Input Validation vulnerability in multiple products
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject CWE-20
7.5
7.5
2018-08-23 CVE-2018-15822 Reachable Assertion vulnerability in multiple products
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.
network
low complexity
ffmpeg debian canonical CWE-617
7.5
7.5
2018-08-22 CVE-2018-10919 Information Exposure vulnerability in multiple products
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks.
network
low complexity
canonical debian samba CWE-200
6.5
6.5
2018-08-22 CVE-2018-10918 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer.
network
low complexity
canonical samba CWE-476
6.5
6.5
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
8.8
8.8