Vulnerabilities > Canonical > Ubuntu Linux > 18.04

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000204 Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp.
network
high complexity
linux debian canonical
5.3
2018-06-26 CVE-2018-12882 Use After Free vulnerability in multiple products
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing.
network
low complexity
php canonical netapp CWE-416
7.5
2018-06-21 CVE-2018-12617 Integer Overflow or Wraparound vulnerability in multiple products
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk.
network
low complexity
qemu canonical debian CWE-190
5.0
2018-06-20 CVE-2018-12600 Out-of-bounds Write vulnerability in multiple products
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
6.8
2018-06-20 CVE-2018-12599 Out-of-bounds Write vulnerability in multiple products
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
6.8
2018-06-20 CVE-2018-1120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel
A flaw was found affecting the Linux kernel before version 4.17.
3.5
2018-06-19 CVE-2018-12293 Integer Overflow or Wraparound vulnerability in multiple products
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
6.8
2018-06-19 CVE-2018-10811 Missing Initialization of Resource vulnerability in multiple products
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
7.5
2018-06-19 CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
network
low complexity
python debian redhat canonical fedoraproject
7.5
2018-06-18 CVE-2018-1333 Resource Exhaustion vulnerability in multiple products
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service.
network
low complexity
apache redhat canonical netapp CWE-400
7.5