Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-13 CVE-2018-6942 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in FreeType 2 through 2.9.
4.3
2018-02-12 CVE-2018-6927 Integer Overflow or Wraparound vulnerability in Linux Kernel
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
local
low complexity
linux canonical debian redhat CWE-190
4.6
2018-02-09 CVE-2018-1000027 NULL Pointer Dereference vulnerability in multiple products
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy.
network
low complexity
squid-cache debian canonical CWE-476
5.0
2018-02-09 CVE-2018-1000024 The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy..
network
low complexity
squid-cache debian canonical
5.0
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
5.0
2018-02-09 CVE-2018-6869 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c.
4.3
2018-02-06 CVE-2018-6767 Out-of-bounds Read vulnerability in multiple products
A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.
6.8
2018-02-05 CVE-2018-6188 Information Exposure vulnerability in multiple products
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
network
low complexity
djangoproject canonical CWE-200
5.0
2018-02-04 CVE-2018-6616 Resource Exhaustion vulnerability in multiple products
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c.
4.3
2018-02-03 CVE-2018-6594 Inadequate Encryption Strength vulnerability in multiple products
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack).
network
low complexity
dlitz debian canonical CWE-326
5.0