Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE  CVE  VULNERABILITY TITLE  RISK
2017-10-03  CVE-2017-14494  Information Exposure vulnerability in multiple products  5.9
    dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
    network; high complexity; redhat debian novell canonical thekelleys; CWE-200
2017-09-29  CVE-2017-14864  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products  5.5
    An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26.
    local; low complexity; exiv2 canonical debian; CWE-119
2017-09-29  CVE-2017-14862  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products  5.5
    An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26.
    local; low complexity; exiv2 canonical debian; CWE-119
2017-09-29  CVE-2017-14859  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products  5.5
    An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26.
    local; low complexity; exiv2 canonical debian; CWE-119
2017-09-28  CVE-2015-3643  Permissions, Privileges, and Access Controls vulnerability in Usb-Creator Project Usb-Creator  4.6
    usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call to check_polkit for the KVMTest method.
    local; low complexity; usb-creator-project canonical; CWE-264
2017-09-21  CVE-2017-12153  NULL Pointer Dereference vulnerability in Linux Kernel  4.9
    A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3.
    local; low complexity; linux debian canonical; CWE-476
2017-09-21  CVE-2017-14633  Out-of-bounds Read vulnerability in multiple products  4.3
    In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
2017-09-20  CVE-2017-14607  Out-of-bounds Read vulnerability in multiple products  5.8
    In ImageMagick 7.0.7-4 Q16, an out-of-bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c.
2017-09-18  CVE-2017-14533  Missing Release of Resource after Effective Lifetime vulnerability in multiple products  4.3
    ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
2017-09-12  CVE-2017-14343  Missing Release of Resource after Effective Lifetime vulnerability in multiple products  4.3
    ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.