Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
critical
 9.8
9.8
2018-02-19 CVE-2018-5378 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid.
network
high complexity
quagga debian canonical CWE-119
5.9
5.9
2018-02-16 CVE-2018-1049 Race Condition vulnerability in multiple products
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang.
network
high complexity
systemd-project redhat canonical debian CWE-362
5.9
5.9
2018-02-16 CVE-2017-18190 Authentication Bypass by Spoofing vulnerability in multiple products
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding.
network
low complexity
apple debian canonical CWE-290
7.5
7.5
2018-02-15 CVE-2018-7054 Use After Free vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi canonical debian CWE-416
critical
 9.8
9.8
2018-02-15 CVE-2018-7053 Use After Free vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-416
critical
 9.8
9.8
2018-02-15 CVE-2018-7052 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi canonical debian CWE-476
7.5
7.5
2018-02-15 CVE-2018-7051 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-125
7.5
7.5
2018-02-15 CVE-2018-7050 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-476
7.5
7.5
2018-02-13 CVE-2018-6954 Link Following vulnerability in multiple products
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink.
local
low complexity
systemd-project canonical opensuse CWE-59
7.8
7.8