Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2018-01-25 CVE-2018-6198 Link Following vulnerability in multiple products
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
local
high complexity
tats canonical CWE-59
4.7
2018-01-25 CVE-2018-6197 NULL Pointer Dereference vulnerability in multiple products
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
network
low complexity
tats canonical CWE-476
7.5
2018-01-25 CVE-2018-6196 Infinite Loop vulnerability in multiple products
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
network
low complexity
tats canonical CWE-835
7.5
2018-01-24 CVE-2018-1000007 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties.
network
low complexity
haxx debian canonical redhat fujitsu
critical
9.8
2018-01-24 CVE-2018-1000005 Out-of-bounds Read vulnerability in multiple products
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers.
network
low complexity
haxx debian canonical CWE-125
critical
9.1
2018-01-24 CVE-2017-18075 Release of Invalid Pointer or Reference vulnerability in multiple products
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
local
low complexity
linux canonical CWE-763
7.8
2018-01-23 CVE-2018-5683 Out-of-bounds Read vulnerability in multiple products
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
local
low complexity
qemu debian redhat canonical CWE-125
6.0
2018-01-23 CVE-2018-5950 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
network
low complexity
gnu debian canonical redhat CWE-79
6.1
2018-01-23 CVE-2017-15105 Improper Input Validation vulnerability in multiple products
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records.
network
low complexity
nlnetlabs debian canonical CWE-20
5.3
2018-01-21 CVE-2016-10708 NULL Pointer Dereference vulnerability in multiple products
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
network
low complexity
openbsd debian canonical netapp CWE-476
7.5