Vulnerabilities > Canonical > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-10-06 CVE-2018-17456 Argument Injection or Modification vulnerability in multiple products
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
network
low complexity
git-scm redhat canonical debian CWE-88
critical
 9.8
9.8
2018-09-18 CVE-2018-1000802 Command Injection vulnerability in multiple products
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive.
network
low complexity
python debian canonical opensuse CWE-77
critical
 9.8
9.8
2018-09-17 CVE-2018-11780 Code Injection vulnerability in multiple products
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
network
low complexity
apache pdfinfo-project debian canonical CWE-94
critical
 9.8
9.8
2018-09-05 CVE-2018-14618 Integer Overflow or Wraparound vulnerability in multiple products
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code.
network
low complexity
haxx canonical debian redhat CWE-190
critical
 9.8
9.8
2018-09-05 CVE-2018-13259 Improper Input Validation vulnerability in multiple products
An issue was discovered in zsh before 5.6.
network
low complexity
canonical zsh CWE-20
critical
 9.8
9.8
2018-09-05 CVE-2018-0502 Improper Input Validation vulnerability in multiple products
An issue was discovered in zsh before 5.6.
network
low complexity
canonical zsh CWE-20
critical
 9.8
9.8
2018-09-04 CVE-2018-16428 NULL Pointer Dereference vulnerability in multiple products
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
network
low complexity
gnome canonical CWE-476
critical
 9.8
9.8
2018-09-03 CVE-2018-16402 Double Free vulnerability in multiple products
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
network
low complexity
elfutils-project debian redhat opensuse canonical CWE-415
critical
 9.8
9.8
2018-08-26 CVE-2011-2767 Code Injection vulnerability in multiple products
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
network
low complexity
apache debian redhat canonical CWE-94
critical
 9.8
9.8
2018-08-24 CVE-2018-14600 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in libX11 through 1.6.5.
network
low complexity
x-org debian canonical CWE-787
critical
 9.8
9.8