Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-31 CVE-2018-11577 Classic Buffer Overflow vulnerability in multiple products
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
6.8
2018-05-30 CVE-2018-10196 NULL Pointer Dereference vulnerability in multiple products
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
local
low complexity
graphviz fedoraproject canonical CWE-476
5.5
2018-05-30 CVE-2018-11235 Path Traversal vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.
6.8
2018-05-30 CVE-2018-11233 Out-of-bounds Read vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
network
low complexity
canonical git-scm CWE-125
5.0
2018-05-25 CVE-2018-11469 Information Exposure vulnerability in multiple products
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
network
high complexity
haproxy canonical CWE-200
5.9
2018-05-25 CVE-2018-11440 Out-of-bounds Write vulnerability in multiple products
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
6.8
2018-05-24 CVE-2018-11412 Use After Free vulnerability in multiple products
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
4.3
2018-05-24 CVE-2018-1000301 Out-of-bounds Read vulnerability in multiple products
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content..
network
low complexity
debian canonical haxx redhat oracle CWE-125
6.4
2018-05-24 CVE-2018-1000199 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption.
local
low complexity
debian linux canonical redhat CWE-119
4.9
2018-05-23 CVE-2018-1125 Out-of-bounds Write vulnerability in multiple products
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep.
5.0