Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-07-28 CVE-2018-14678 Improper Initialization vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x.
local
low complexity
linux xen debian canonical CWE-665
7.8
7.8
2018-07-27 CVE-2017-15118 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process.
network
low complexity
qemu redhat canonical CWE-787
critical
 9.8
9.8
2018-07-27 CVE-2018-10882 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
linux debian canonical redhat
5.5
5.5
2018-07-27 CVE-2018-1056 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files.
local
low complexity
advancemame canonical debian CWE-125
7.8
7.8
2018-07-27 CVE-2017-15119 Resource Exhaustion vulnerability in multiple products
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue.
network
low complexity
qemu canonical debian redhat CWE-400
8.6
8.6
2018-07-27 CVE-2018-14617 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.10.
local
low complexity
linux debian canonical CWE-476
5.5
5.5
2018-07-27 CVE-2018-14609 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.10.
local
low complexity
linux debian canonical CWE-476
5.5
5.5
2018-07-26 CVE-2017-18344 Out-of-bounds Read vulnerability in multiple products
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read).
local
low complexity
linux canonical redhat CWE-125
5.5
5.5
2018-07-26 CVE-2015-9261 NULL Pointer Dereference vulnerability in multiple products
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
local
low complexity
busybox debian canonical CWE-476
5.5
5.5
2018-07-26 CVE-2018-10881 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
debian canonical linux redhat
5.5
5.5