Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-03 CVE-2018-6594 Inadequate Encryption Strength vulnerability in multiple products
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack).
network
low complexity
dlitz debian canonical CWE-326
7.5
2018-02-02 CVE-2017-14180 Resource Exhaustion vulnerability in multiple products
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
local
low complexity
apport-project canonical CWE-400
7.8
2018-02-02 CVE-2017-14179 Resource Exhaustion vulnerability in multiple products
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
local
low complexity
apport-project canonical CWE-400
7.8
2018-02-02 CVE-2017-14177 Resource Exhaustion vulnerability in multiple products
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges.
local
low complexity
apport-project canonical CWE-400
7.8
2018-01-31 CVE-2018-1000001 Out-of-bounds Write vulnerability in multiple products
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
local
low complexity
gnu canonical redhat CWE-787
7.8
2018-01-29 CVE-2017-18079 NULL Pointer Dereference vulnerability in multiple products
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
local
low complexity
linux canonical CWE-476
7.8
2018-01-25 CVE-2017-15132 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0.
network
low complexity
dovecot debian canonical CWE-772
7.5
2018-01-25 CVE-2018-6197 NULL Pointer Dereference vulnerability in multiple products
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
network
low complexity
tats canonical CWE-476
7.5
2018-01-25 CVE-2018-6196 Infinite Loop vulnerability in multiple products
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
network
low complexity
tats canonical CWE-835
7.5
2018-01-24 CVE-2017-18075 Release of Invalid Pointer or Reference vulnerability in multiple products
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
local
low complexity
linux canonical CWE-763
7.8