Vulnerabilities > Canonical > Ubuntu Linux

DATE CVE VULNERABILITY TITLE RISK
2018-07-20 CVE-2016-10727 Information Exposure vulnerability in multiple products
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
canonical gnome CWE-200
critical
 9.8
9.8
2018-07-20 CVE-2018-14437 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
network
low complexity
imagemagick canonical CWE-772
6.5
6.5
2018-07-20 CVE-2018-14436 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
network
low complexity
imagemagick canonical CWE-772
6.5
6.5
2018-07-20 CVE-2018-14435 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
network
low complexity
imagemagick canonical CWE-772
6.5
6.5
2018-07-20 CVE-2018-14434 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
network
low complexity
imagemagick canonical CWE-772
6.5
6.5
2018-07-19 CVE-2018-14404 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
network
low complexity
canonical debian xmlsoft CWE-476
7.5
7.5
2018-07-19 CVE-2018-12911 Out-of-bounds Write vulnerability in multiple products
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
network
low complexity
webkitgtk canonical CWE-787
critical
 9.8
9.8
2018-07-19 CVE-2017-7481 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe.
network
low complexity
redhat canonical debian
critical
 9.8
9.8
2018-07-18 CVE-2018-10877 Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
local
low complexity
canonical linux debian redhat
6.5
6.5
2018-07-18 CVE-2018-3081 Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs).
network
high complexity
oracle netapp canonical debian mariadb redhat
5.0
5.0