Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-1057 Incorrect Authorization vulnerability in multiple products
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
network
low complexity
debian canonical samba CWE-863
8.8
2018-03-13 CVE-2018-1000097 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code.
local
low complexity
debian canonical gnu CWE-119
7.8
2018-03-07 CVE-2018-7752 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
local
low complexity
gpac debian canonical CWE-119
7.8
2018-03-06 CVE-2018-7185 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
network
low complexity
ntp synology canonical netapp hpe oracle
7.5
2018-03-06 CVE-2018-7184 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp.
network
low complexity
ntp synology slackware canonical netapp
7.5
2018-03-06 CVE-2018-7182 Out-of-bounds Read vulnerability in multiple products
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
network
low complexity
ntp canonical netapp CWE-125
7.5
2018-03-06 CVE-2018-1000100 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE.
local
low complexity
gpac-project canonical CWE-119
7.8
2018-03-05 CVE-2018-1000115 Resource Exhaustion vulnerability in multiple products
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources).
network
low complexity
memcached canonical debian redhat CWE-400
7.5
2018-03-02 CVE-2018-1058 A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users.
network
low complexity
postgresql canonical redhat
8.8
2018-03-01 CVE-2017-18209 NULL Pointer Dereference vulnerability in multiple products
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
network
low complexity
imagemagick canonical CWE-476
8.8