Vulnerabilities > Canonical > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-03-01 CVE-2018-7584 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c.
network
low complexity
php canonical debian CWE-119
critical
 9.8
9.8
2018-02-27 CVE-2018-7548 NULL Pointer Dereference vulnerability in multiple products
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
network
low complexity
zsh canonical CWE-476
critical
 9.8
9.8
2018-02-27 CVE-2017-18206 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
network
low complexity
zsh canonical CWE-119
critical
 9.8
9.8
2018-02-27 CVE-2016-10714 Numeric Errors vulnerability in multiple products
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
network
low complexity
zsh canonical CWE-189
critical
 9.8
9.8
2018-02-27 CVE-2014-10071 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
network
low complexity
zsh canonical CWE-119
critical
 9.8
9.8
2018-02-19 CVE-2018-7225 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer through 0.9.11.
network
low complexity
libvncserver-project debian canonical redhat CWE-190
critical
 9.8
9.8
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
critical
 9.8
9.8
2018-02-15 CVE-2018-7054 Use After Free vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi canonical debian CWE-416
critical
 9.8
9.8
2018-02-15 CVE-2018-7053 Use After Free vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-416
critical
 9.8
9.8
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
critical
 9.8
9.8