Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-23 CVE-2018-5950 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
network
low complexity
gnu debian canonical redhat CWE-79
6.1
2018-01-23 CVE-2017-15105 Improper Input Validation vulnerability in multiple products
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records.
network
low complexity
nlnetlabs debian canonical CWE-20
5.0
2018-01-19 CVE-2018-5785 Integer Overflow or Wraparound vulnerability in multiple products
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c).
4.3
2018-01-19 CVE-2018-5784 Resource Exhaustion vulnerability in multiple products
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c.
4.3
2018-01-18 CVE-2018-2678 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). 4.3
2018-01-18 CVE-2018-2677 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). 4.3
2018-01-18 CVE-2018-2668 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle mariadb debian canonical netapp redhat
6.8
2018-01-18 CVE-2018-2665 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle mariadb debian canonical netapp redhat
6.8
2018-01-18 CVE-2018-2663 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). 4.3
2018-01-18 CVE-2018-2641 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). 6.1