Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-29 CVE-2018-16062 Out-of-bounds Read vulnerability in multiple products
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
5.5
2018-08-28 CVE-2017-15422 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google icu-project debian canonical redhat CWE-190
6.5
2018-08-25 CVE-2018-15857 Use After Free vulnerability in multiple products
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
local
low complexity
xkbcommon canonical CWE-416
4.6
2018-08-24 CVE-2018-15120 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
4.3
2018-08-22 CVE-2018-10919 Information Exposure vulnerability in multiple products
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks.
network
low complexity
canonical debian samba CWE-200
4.0
2018-08-22 CVE-2018-10918 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer.
network
low complexity
canonical samba CWE-476
4.0
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
6.5
2018-08-22 CVE-2018-1139 Insufficiently Protected Credentials vulnerability in multiple products
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled.
4.3
2018-08-22 CVE-2018-10846 Covert Timing Channel vulnerability in multiple products
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found.
5.6
2018-08-22 CVE-2018-10845 Covert Timing Channel vulnerability in multiple products
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian CWE-385
5.9