Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-27 CVE-2018-0202 Out-of-bounds Read vulnerability in multiple products
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
4.3
2018-03-27 CVE-2017-18254 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in ImageMagick 7.0.7.
4.3
2018-03-27 CVE-2017-18252 Reachable Assertion vulnerability in multiple products
An issue was discovered in ImageMagick 7.0.7.
4.3
2018-03-27 CVE-2017-18251 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in ImageMagick 7.0.7.
4.3
2018-03-26 CVE-2018-1302 NULL Pointer Dereference vulnerability in multiple products
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory.
network
high complexity
apache canonical netapp CWE-476
5.9
2018-03-26 CVE-2018-1301 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header.
network
high complexity
apache debian canonical netapp redhat CWE-119
5.9
2018-03-26 CVE-2018-1283 In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header.
network
high complexity
apache debian canonical netapp redhat
5.3
2018-03-23 CVE-2018-8960 Out-of-bounds Read vulnerability in multiple products
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
6.8
2018-03-21 CVE-2017-18241 NULL Pointer Dereference vulnerability in Linux Kernel
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
local
low complexity
linux debian canonical CWE-476
4.9
2018-03-20 CVE-2018-8881 Out-of-bounds Read vulnerability in multiple products
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
6.8