Vulnerabilities > Canonical > Low

DATE CVE VULNERABILITY TITLE RISK
2018-10-26 CVE-2018-6559 Information Exposure vulnerability in multiple products
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
local
low complexity
linux canonical CWE-200
2.1
2.1
2018-10-18 CVE-2018-12383 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible.
local
low complexity
redhat debian canonical mozilla CWE-522
2.1
2.1
2018-10-17 CVE-2018-18386 Incorrect Type Conversion or Cast vulnerability in Linux Kernel
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
local
low complexity
linux canonical CWE-704
2.1
2.1
2018-10-17 CVE-2018-3136 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).
network
high complexity
oracle redhat debian canonical hp
2.6
2.6
2018-10-17 CVE-2018-3139 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).
network
high complexity
oracle redhat debian canonical hp
2.6
2.6
2018-10-17 CVE-2018-3283 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). 3.5
3.5
2018-10-07 CVE-2018-18021 Improper Input Validation vulnerability in Linux Kernel
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl.
local
low complexity
linux debian canonical CWE-20
3.6
3.6
2018-09-07 CVE-2018-16658 Information Exposure vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 4.18.6.
local
low complexity
linux canonical debian CWE-200
3.6
3.6
2018-08-25 CVE-2018-15853 Resource Exhaustion vulnerability in multiple products
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
local
low complexity
xkbcommon canonical CWE-400
2.1
2.1
2018-08-25 CVE-2018-15854 NULL Pointer Dereference vulnerability in multiple products
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
local
low complexity
xkbcommon-project canonical CWE-476
2.1
2.1