Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-16 CVE-2018-5712 Cross-site Scripting vulnerability in PHP
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1.
4.3
2018-01-16 CVE-2018-5711 Infinite Loop vulnerability in multiple products
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function.
local
low complexity
php debian canonical CWE-835
5.5
2018-01-12 CVE-2017-18029 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
4.3
2018-01-12 CVE-2017-18027 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
4.3
2018-01-12 CVE-2018-5358 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.
4.3
2018-01-12 CVE-2018-5357 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
4.3
2018-01-12 CVE-2018-5344 Use After Free vulnerability in multiple products
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
local
low complexity
linux canonical redhat CWE-416
4.6
2018-01-12 CVE-2018-5345 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
6.8
2018-01-11 CVE-2018-5333 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
local
low complexity
linux debian canonical CWE-476
4.9
2018-01-09 CVE-2017-15129 Race Condition vulnerability in multiple products
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11.
local
high complexity
linux fedoraproject canonical redhat CWE-362
4.7