Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-15118 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process.
network
low complexity
qemu redhat canonical CWE-787
critical
 9.8
9.8
2018-07-27 CVE-2018-10882 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
linux debian canonical redhat
5.5
5.5
2018-07-27 CVE-2018-1056 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files.
local
low complexity
advancemame canonical debian CWE-125
7.8
7.8
2018-07-27 CVE-2017-15119 Resource Exhaustion vulnerability in multiple products
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue.
network
low complexity
qemu canonical debian redhat CWE-400
8.6
8.6
2018-07-27 CVE-2018-14617 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.10.
local
low complexity
linux debian canonical CWE-476
5.5
5.5
2018-07-27 CVE-2018-14609 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.10.
local
low complexity
linux debian canonical CWE-476
5.5
5.5
2018-07-26 CVE-2017-18344 Out-of-bounds Read vulnerability in multiple products
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read).
local
low complexity
linux canonical redhat CWE-125
5.5
5.5
2018-07-26 CVE-2015-9261 NULL Pointer Dereference vulnerability in multiple products
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
local
low complexity
busybox debian canonical CWE-476
5.5
5.5
2018-07-26 CVE-2018-10881 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
debian canonical linux redhat
5.5
5.5
2018-07-26 CVE-2018-10879 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
canonical linux debian redhat
7.8
7.8