Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-06 CVE-2018-9415 Double Free vulnerability in multiple products
In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking.
local
low complexity
google canonical CWE-415
4.6
2018-11-02 CVE-2018-16847 Out-of-bounds Read vulnerability in multiple products
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU.
local
low complexity
qemu canonical CWE-125
4.6
2018-11-02 CVE-2018-18897 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop debian canonical redhat CWE-772
6.5
2018-10-31 CVE-2018-16842 Out-of-bounds Read vulnerability in multiple products
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
network
low complexity
haxx canonical debian CWE-125
6.4
2018-10-31 CVE-2018-18873 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in JasPer 2.0.14.
4.3
2018-10-30 CVE-2018-18281 Incomplete Cleanup vulnerability in multiple products
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.
local
low complexity
linux canonical debian CWE-459
4.6
2018-10-30 CVE-2018-0734 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-10-29 CVE-2018-0735 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-10-26 CVE-2018-18690 Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.
local
low complexity
linux canonical debian CWE-754
4.9
2018-10-26 CVE-2018-18661 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in LibTIFF 4.0.9.
4.3