Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-05 CVE-2018-1000115 Resource Exhaustion vulnerability in multiple products
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources).
network
low complexity
memcached canonical debian redhat CWE-400
5.0
2018-03-02 CVE-2017-15130 A denial of service flaw was found in dovecot before 2.2.34. 4.3
2018-03-01 CVE-2017-18209 NULL Pointer Dereference vulnerability in multiple products
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
6.8
2018-02-28 CVE-2018-1304 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition.
network
high complexity
apache redhat debian canonical oracle
5.9
2018-02-27 CVE-2018-7549 Improper Input Validation vulnerability in multiple products
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
network
low complexity
zsh redhat canonical CWE-20
5.0
2018-02-26 CVE-2018-7492 NULL Pointer Dereference vulnerability in Linux Kernel
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
local
low complexity
linux debian canonical CWE-476
4.9
2018-02-24 CVE-2018-7456 NULL Pointer Dereference vulnerability in multiple products
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013.
4.3
2018-02-23 CVE-2018-1305 Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded.
network
low complexity
apache debian canonical oracle
6.5
2018-02-23 CVE-2018-7443 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
4.3
2018-02-23 CVE-2018-6764 Origin Validation Error vulnerability in multiple products
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
local
low complexity
redhat debian canonical CWE-346
4.6