Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-26 CVE-2015-9261 NULL Pointer Dereference vulnerability in multiple products
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
local
low complexity
busybox debian canonical CWE-476
5.5
2018-07-26 CVE-2018-10881 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
debian canonical linux redhat CWE-787
5.5
2018-07-26 CVE-2018-10876 Use After Free vulnerability in multiple products
A flaw was found in Linux kernel in the ext4 filesystem code.
local
low complexity
linux canonical debian CWE-416
5.5
2018-07-26 CVE-2017-7526 Cryptographic Issues vulnerability in multiple products
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion.
network
high complexity
gnupg canonical debian CWE-310
6.8
2018-07-25 CVE-2018-13988 Out-of-bounds Read vulnerability in multiple products
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite.
4.3
2018-07-25 CVE-2018-10880 Out-of-bounds Write vulnerability in multiple products
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data().
local
low complexity
debian linux redhat canonical CWE-787
5.5
2018-07-20 CVE-2016-10727 Information Exposure vulnerability in multiple products
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
canonical gnome CWE-200
5.0
2018-07-20 CVE-2018-14437 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
4.3
2018-07-20 CVE-2018-14436 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
4.3
2018-07-20 CVE-2018-14435 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
4.3