Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-03-09 CVE-2018-7995 Race Condition vulnerability in multiple products
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory.
local
high complexity
linux canonical debian CWE-362
4.7
4.7
2018-03-09 CVE-2018-1071 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function.
local
low complexity
zsh debian canonical redhat
5.5
5.5
2018-03-08 CVE-2018-7183 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
network
low complexity
ntp freebsd canonical netapp CWE-787
critical
 9.8
9.8
2018-03-08 CVE-2018-7755 Information Exposure vulnerability in multiple products
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7.
local
low complexity
linux canonical CWE-200
5.5
5.5
2018-03-07 CVE-2018-7752 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
local
low complexity
gpac debian canonical CWE-119
7.8
7.8
2018-03-07 CVE-2018-7740 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
local
low complexity
linux redhat debian canonical CWE-119
5.5
5.5
2018-03-06 CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
network
low complexity
ntp synology canonical netapp hpe oracle
7.5
7.5
2018-03-06 CVE-2018-7184 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp.
network
low complexity
ntp synology slackware canonical netapp
7.5
7.5
2018-03-06 CVE-2018-7182 Out-of-bounds Read vulnerability in multiple products
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
network
low complexity
ntp canonical netapp CWE-125
7.5
7.5
2018-03-06 CVE-2018-7731 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Exempi through 2.4.4.
local
low complexity
exempi-project canonical CWE-476
5.5
5.5