Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-14 CVE-2017-15298 Resource Exhaustion vulnerability in multiple products
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb.
local
low complexity
git-scm canonical CWE-400
5.5
2017-10-10 CVE-2017-15218 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
network
low complexity
imagemagick canonical CWE-772
6.5
2017-10-10 CVE-2017-15217 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
network
low complexity
imagemagick canonical CWE-772
6.5
2017-10-10 CVE-2014-9092 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
network
low complexity
libjpeg-turbo fedoraproject canonical CWE-119
6.5
2017-10-03 CVE-2017-14494 Information Exposure vulnerability in multiple products
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
network
high complexity
redhat debian novell canonical thekelleys CWE-200
5.9
2017-09-29 CVE-2017-14864 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26.
local
low complexity
exiv2 canonical debian CWE-119
5.5
2017-09-29 CVE-2017-14862 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26.
local
low complexity
exiv2 canonical debian CWE-119
5.5
2017-09-29 CVE-2017-14859 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26.
local
low complexity
exiv2 canonical debian CWE-119
5.5
2017-09-21 CVE-2017-12153 NULL Pointer Dereference vulnerability in multiple products
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3.
local
low complexity
linux debian canonical CWE-476
4.4
2017-09-21 CVE-2017-14633 Out-of-bounds Read vulnerability in multiple products
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
network
low complexity
xiph-org debian canonical CWE-125
6.5