Vulnerabilities > Canonical > Ubuntu Linux > 17.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-17 | CVE-2017-16845 | Improper Input Validation vulnerability in multiple products hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | 10.0 |
| 2017-11-15 | CVE-2017-15115 | Use After Free vulnerability in multiple products The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. | 7.8 |
| 2017-11-06 | CVE-2017-16548 | Out-of-bounds Read vulnerability in multiple products The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. | 9.8 |
| 2017-11-05 | CVE-2017-16546 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. | 8.8 |
| 2017-11-04 | CVE-2017-16532 | NULL Pointer Dereference vulnerability in multiple products The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-10-12 | CVE-2017-15281 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." | 8.8 |
| 2017-10-11 | CVE-2017-0903 | Deserialization of Untrusted Data vulnerability in multiple products RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. | 9.8 |
| 2017-10-10 | CVE-2017-15218 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | 6.5 |
| 2017-10-10 | CVE-2017-15217 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. | 6.5 |
| 2017-10-05 | CVE-2017-15033 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. | 7.5 |