Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-22 CVE-2018-10844 Covert Timing Channel vulnerability in multiple products
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian CWE-385
5.9
2018-08-21 CVE-2018-0501 Improper Verification of Cryptographic Signature vulnerability in multiple products
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
network
high complexity
canonical debian CWE-347
5.9
2018-08-17 CVE-2018-15473 Race Condition vulnerability in multiple products
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
5.3
2018-08-17 CVE-2018-10873 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks.
network
low complexity
spice-project debian canonical redhat CWE-20
6.5
2018-08-16 CVE-2018-14567 Infinite Loop vulnerability in multiple products
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
4.3
2018-08-10 CVE-2018-6553 The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links.
local
low complexity
cups canonical debian
4.6
2018-08-09 CVE-2018-10915 SQL Injection vulnerability in multiple products
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections.
6.0
2018-08-05 CVE-2018-14938 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha.
network
low complexity
digitalcorpora canonical CWE-125
6.4
2018-08-03 CVE-2018-14574 Open Redirect vulnerability in multiple products
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
5.8
2018-08-03 CVE-2018-14883 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.
network
low complexity
php canonical debian netapp CWE-125
5.0