Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-17 CVE-2018-6798 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Perl 5.22 through 5.26.
network
low complexity
debian perl canonical redhat CWE-125
5.0
2018-04-16 CVE-2018-10177 Infinite Loop vulnerability in multiple products
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file.
4.3
2018-04-16 CVE-2018-0737 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack.
network
high complexity
openssl canonical CWE-327
5.9
2018-04-10 CVE-2018-9918 Uncontrolled Recursion vulnerability in multiple products
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
6.8
2018-04-06 CVE-2018-1000156 Improper Input Validation vulnerability in multiple products
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution.
6.8
2018-04-04 CVE-2018-9234 Key Management Errors vulnerability in multiple products
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
network
low complexity
gnupg canonical CWE-320
5.0
2018-04-03 CVE-2018-8779 Improper Input Validation vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters.
network
low complexity
ruby-lang canonical debian CWE-20
5.0
2018-04-03 CVE-2018-8778 Use of Externally-Controlled Format String vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
network
low complexity
ruby-lang canonical debian redhat CWE-134
5.0
2018-04-03 CVE-2018-8777 Resource Exhaustion vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
network
low complexity
ruby-lang debian canonical redhat CWE-400
5.0
2018-04-03 CVE-2018-6914 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a ..
network
low complexity
ruby-lang canonical debian redhat CWE-22
5.0