Vulnerabilities > Canonical > Ubuntu Linux > 14.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-25 | CVE-2018-6196 | Infinite Loop vulnerability in multiple products w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | 7.5 |
| 2018-01-24 | CVE-2018-1000007 | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. | 5.0 |
| 2018-01-24 | CVE-2018-1000005 | Out-of-bounds Read vulnerability in multiple products libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. | 6.4 |
| 2018-01-24 | CVE-2017-18075 | Release of Invalid Pointer or Reference vulnerability in multiple products crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. | 7.8 |
| 2018-01-23 | CVE-2018-5683 | Out-of-bounds Read vulnerability in multiple products The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | 2.1 |
| 2018-01-23 | CVE-2018-5950 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | 6.1 |
| 2018-01-23 | CVE-2017-15105 | Improper Input Validation vulnerability in multiple products A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. | 5.0 |
| 2018-01-21 | CVE-2016-10708 | NULL Pointer Dereference vulnerability in multiple products sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 7.5 |
| 2018-01-19 | CVE-2018-5784 | Resource Exhaustion vulnerability in multiple products In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. | 4.3 |
| 2018-01-18 | CVE-2018-2678 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 4.3 |