Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-01 CVE-2018-7550 Out-of-bounds Write vulnerability in multiple products
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
local
low complexity
qemu debian canonical redhat CWE-787
8.8
2018-02-27 CVE-2018-7549 Improper Input Validation vulnerability in multiple products
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
network
low complexity
zsh redhat canonical CWE-20
7.5
2018-02-25 CVE-2018-7480 Double Free vulnerability in multiple products
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
local
low complexity
linux canonical debian CWE-415
7.8
2018-02-23 CVE-2018-6764 Origin Validation Error vulnerability in multiple products
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
local
low complexity
redhat debian canonical CWE-346
7.8
2018-02-19 CVE-2018-7253 Out-of-bounds Read vulnerability in multiple products
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
local
low complexity
wavpack debian canonical CWE-125
7.8
2018-02-19 CVE-2018-5381 Infinite Loop vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function.
network
low complexity
quagga canonical debian siemens CWE-835
7.5
2018-02-16 CVE-2017-18190 Authentication Bypass by Spoofing vulnerability in multiple products
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding.
network
low complexity
apple debian canonical CWE-290
7.5
2018-02-15 CVE-2018-7052 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi canonical debian CWE-476
7.5
2018-02-15 CVE-2018-7051 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-125
7.5
2018-02-15 CVE-2018-7050 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-476
7.5