Vulnerabilities > Canonical > Ubuntu Linux > 17.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-05 | CVE-2018-13153 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. | 6.5 |
| 2018-07-02 | CVE-2018-0499 | Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | 6.1 |
| 2018-07-01 | CVE-2018-13043 | Code Injection vulnerability in multiple products scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | 9.8 |
| 2018-06-29 | CVE-2018-10860 | Path Traversal vulnerability in multiple products perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. | 7.5 |
| 2018-06-20 | CVE-2018-12600 | Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. | 8.8 |
| 2018-06-20 | CVE-2018-12599 | Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. | 8.8 |
| 2018-06-19 | CVE-2018-12293 | Integer Overflow or Wraparound vulnerability in multiple products The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. | 8.8 |
| 2018-06-18 | CVE-2018-1152 | Divide By Zero vulnerability in multiple products libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. | 6.5 |
| 2018-06-13 | CVE-2018-0495 | Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. | 4.7 |
| 2018-06-13 | CVE-2018-12265 | Integer Overflow or Wraparound vulnerability in multiple products Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. | 8.8 |