Vulnerabilities > Canonical > Ubuntu Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-20 | CVE-2018-1000135 | Information Exposure vulnerability in multiple products GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. | 5.0 |
| 2018-03-20 | CVE-2018-8804 | Double Free vulnerability in multiple products WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. | 6.8 |
| 2018-03-16 | CVE-2018-1068 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. | 6.7 |
| 2018-03-15 | CVE-2017-18236 | Infinite Loop vulnerability in multiple products An issue was discovered in Exempi before 2.4.4. | 4.3 |
| 2018-03-15 | CVE-2017-18234 | Use After Free vulnerability in multiple products An issue was discovered in Exempi before 2.4.3. | 6.8 |
| 2018-03-15 | CVE-2017-18233 | Infinite Loop vulnerability in multiple products An issue was discovered in Exempi before 2.4.4. | 4.3 |
| 2018-03-14 | CVE-2018-1000122 | Out-of-bounds Read vulnerability in multiple products A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage | 6.4 |
| 2018-03-14 | CVE-2018-1000121 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service | 5.0 |
| 2018-03-13 | CVE-2018-1000127 | Improper Locking vulnerability in multiple products memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. | 5.0 |
| 2018-03-13 | CVE-2018-1057 | Incorrect Authorization vulnerability in multiple products On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | 6.5 |