Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-03 CVE-2017-7165 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
An issue was discovered in certain Apple products.
6.8
2018-04-03 CVE-2017-7161 Command Injection vulnerability in multiple products
An issue was discovered in certain Apple products.
6.8
2018-04-03 CVE-2017-7153 Open Redirect vulnerability in Apple products
An issue was discovered in certain Apple products.
5.8
2018-04-03 CVE-2017-13885 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
An issue was discovered in certain Apple products.
6.8
2018-04-03 CVE-2017-13884 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
An issue was discovered in certain Apple products.
6.8
2018-04-02 CVE-2018-1094 NULL Pointer Dereference vulnerability in multiple products
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
local
low complexity
linux redhat canonical CWE-476
5.5
2018-03-30 CVE-2018-7566 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
local
low complexity
linux suse canonical debian redhat oracle CWE-119
4.6
2018-03-30 CVE-2018-9133 Excessive Iteration vulnerability in multiple products
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file.
4.3
2018-03-28 CVE-2018-8885 Race Condition vulnerability in Canonical Screen-Resolution-Extra and Ubuntu Linux
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call.
4.4
2018-03-27 CVE-2018-0739 Uncontrolled Recursion vulnerability in multiple products
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion.
network
low complexity
openssl debian canonical CWE-674
6.5