Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-23 CVE-2018-17407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21.
6.8
2018-09-22 CVE-2018-17336 Use of Externally-Controlled Format String vulnerability in multiple products
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
local
low complexity
freedesktop canonical CWE-134
4.6
2018-09-21 CVE-2018-17294 Out-of-bounds Read vulnerability in multiple products
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
4.3
2018-09-19 CVE-2018-17206 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6.
network
low complexity
openvswitch redhat canonical debian CWE-125
4.0
2018-09-19 CVE-2018-17205 Reachable Assertion vulnerability in multiple products
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c.
network
low complexity
openvswitch redhat canonical CWE-617
5.0
2018-09-19 CVE-2018-17204 Reachable Assertion vulnerability in multiple products
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c.
network
low complexity
openvswitch redhat canonical debian CWE-617
4.0
2018-09-17 CVE-2017-15705 Improper Input Validation vulnerability in multiple products
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2.
network
low complexity
apache redhat debian canonical CWE-20
5.3
2018-09-16 CVE-2018-17101 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in LibTIFF 4.0.9.
6.8
2018-09-16 CVE-2018-17100 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibTIFF 4.0.9.
6.8
2018-09-16 CVE-2018-17095 Out-of-bounds Write vulnerability in multiple products
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0.
6.8