Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2018-6541 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). 4.3
2018-02-02 CVE-2018-6540 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. 4.3
2018-02-01 CVE-2018-6484 In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. 4.3
2018-01-31 CVE-2017-18043 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
local
low complexity
qemu debian canonical CWE-190
5.5
2018-01-30 CVE-2018-6405 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer.
4.3
2018-01-29 CVE-2018-6381 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
4.3
2018-01-25 CVE-2017-15132 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0.
network
low complexity
dovecot debian canonical CWE-772
5.0
2018-01-25 CVE-2018-6198 Link Following vulnerability in multiple products
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
local
high complexity
tats canonical CWE-59
4.7
2018-01-24 CVE-2018-1000007 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties.
network
low complexity
haxx debian canonical redhat fujitsu
5.0
2018-01-24 CVE-2018-1000005 Out-of-bounds Read vulnerability in multiple products
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers.
network
low complexity
haxx debian canonical CWE-125
6.4