Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-28 CVE-2018-15911 Use of Uninitialized Resource vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15910 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
7.8
2018-08-27 CVE-2018-15909 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15908 In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
local
low complexity
artifex debian canonical redhat
7.8
2018-08-25 CVE-2018-15857 Use After Free vulnerability in multiple products
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
local
low complexity
xkbcommon canonical CWE-416
7.8
2018-08-24 CVE-2018-14598 Improper Input Validation vulnerability in multiple products
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject CWE-20
7.5
2018-08-23 CVE-2018-15822 Reachable Assertion vulnerability in multiple products
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.
network
low complexity
ffmpeg debian canonical CWE-617
7.5
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
8.8
2018-08-22 CVE-2018-1139 Insufficiently Protected Credentials vulnerability in multiple products
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled.
network
high complexity
samba redhat canonical CWE-522
8.1
2018-08-21 CVE-2018-10902 It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file.
local
low complexity
debian canonical linux redhat
7.8