Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-02 | CVE-2018-0499 | Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | 6.1 |
| 2018-07-01 | CVE-2018-13043 | Code Injection vulnerability in multiple products scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | 9.8 |
| 2018-06-29 | CVE-2018-10860 | Path Traversal vulnerability in multiple products perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. | 7.5 |
| 2018-06-29 | CVE-2018-13006 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in MP4Box in GPAC 0.7.1. | 9.8 |
| 2018-06-29 | CVE-2018-13005 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in MP4Box in GPAC 0.7.1. | 9.8 |
| 2018-06-28 | CVE-2018-12931 | Out-of-bounds Write vulnerability in multiple products ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. | 7.8 |
| 2018-06-28 | CVE-2018-12930 | Out-of-bounds Write vulnerability in multiple products ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. | 7.8 |
| 2018-06-28 | CVE-2018-12929 | Use After Free vulnerability in multiple products ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. | 5.5 |
| 2018-06-28 | CVE-2018-12928 | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. | 5.5 |
| 2018-06-27 | CVE-2018-12904 | In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. | 4.9 |