Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-02-13 CVE-2018-6951 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GNU patch through 2.7.6.
network
low complexity
gnu canonical CWE-476
7.5
2018-02-13 CVE-2018-6942 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in FreeType 2 through 2.9.
network
low complexity
freetype canonical CWE-476
6.5
2018-02-12 CVE-2018-6927 Integer Overflow or Wraparound vulnerability in multiple products
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
local
low complexity
linux canonical debian redhat CWE-190
7.8
2018-02-09 CVE-2018-1000027 NULL Pointer Dereference vulnerability in multiple products
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy.
network
low complexity
squid-cache debian canonical CWE-476
7.5
2018-02-09 CVE-2018-1000026 Improper Input Validation vulnerability in multiple products
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line.
network
low complexity
linux canonical redhat debian CWE-20
7.7
2018-02-09 CVE-2018-1000024 The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy..
network
low complexity
squid-cache debian canonical
7.5
2018-02-09 CVE-2017-10689 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible to install a module with world writable permissions.
local
low complexity
puppet canonical redhat CWE-269
5.5
2018-02-09 CVE-2018-1053 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files.
local
high complexity
postgresql debian canonical redhat CWE-732
7.0
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
critical
9.8
2018-02-09 CVE-2018-6869 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c.
network
low complexity
zziplib-project debian canonical CWE-770
6.5