Vulnerabilities > Canonical > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-15 | CVE-2018-7050 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | 7.5 |
| 2018-02-13 | CVE-2018-6954 | Link Following vulnerability in multiple products systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. | 7.8 |
| 2018-02-13 | CVE-2018-6951 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GNU patch through 2.7.6. | 7.5 |
| 2018-02-12 | CVE-2018-6927 | Integer Overflow or Wraparound vulnerability in multiple products The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. | 7.8 |
| 2018-02-09 | CVE-2018-1000027 | NULL Pointer Dereference vulnerability in multiple products The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. | 7.5 |
| 2018-02-09 | CVE-2018-1000026 | Improper Input Validation vulnerability in multiple products Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. | 7.7 |
| 2018-02-09 | CVE-2018-1000024 | The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. | 7.5 |
| 2018-02-09 | CVE-2018-1053 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. | 7.0 |
| 2018-02-09 | CVE-2016-10712 | Improper Input Validation vulnerability in multiple products In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). | 7.5 |
| 2018-02-06 | CVE-2018-6767 | Out-of-bounds Read vulnerability in multiple products A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. | 7.8 |