Vulnerabilities > Canonical > Ubuntu Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-14 | CVE-2018-1000120 | Out-of-bounds Write vulnerability in multiple products A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. | 7.5 |
| 2018-03-08 | CVE-2018-7183 | Out-of-bounds Write vulnerability in multiple products Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. | 7.5 |
| 2018-03-02 | CVE-2018-1058 | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. | 8.8 |
| 2018-03-02 | CVE-2018-1066 | NULL Pointer Dereference vulnerability in Linux Kernel The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. | 7.1 |
| 2018-03-01 | CVE-2017-18211 | NULL Pointer Dereference vulnerability in multiple products In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. | 7.5 |
| 2018-03-01 | CVE-2018-7584 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. | 7.5 |
| 2018-03-01 | CVE-2018-7550 | Out-of-bounds Write vulnerability in multiple products The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | 8.8 |
| 2018-02-27 | CVE-2018-7548 | NULL Pointer Dereference vulnerability in multiple products In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. | 7.5 |
| 2018-02-27 | CVE-2017-18206 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | 7.5 |
| 2018-02-27 | CVE-2016-10714 | Numeric Errors vulnerability in multiple products In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | 7.5 |