Vulnerabilities > Canonical > Ubuntu Linux > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-07-09 | CVE-2018-13785 | Integer Overflow or Wraparound vulnerability in multiple products | In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. | 4.3 |
| 2018-07-08 | CVE-2018-13440 | NULL Pointer Dereference vulnerability in multiple products | The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. | 4.3 |
| 2018-07-05 | CVE-2018-13153 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. | 4.3 |
| 2018-07-03 | CVE-2018-13099 | Out-of-bounds Read vulnerability in multiple products | An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. (local; low complexity; linux debian opensuse canonical; CWE-125) | 5.5 |
| 2018-07-03 | CVE-2018-13096 | Out-of-bounds Write vulnerability in multiple products | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. (local; low complexity; linux debian canonical opensuse; CWE-787) | 5.5 |
| 2018-07-03 | CVE-2018-13094 | NULL Pointer Dereference vulnerability in Linux Kernel | An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. | 4.3 |
| 2018-07-03 | CVE-2018-10855 | Information Exposure Through Log Files vulnerability in multiple products | Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. | 4.3 |
| 2018-07-02 | CVE-2018-0499 | Cross-site Scripting vulnerability in multiple products | A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | 4.3 |
| 2018-06-29 | CVE-2018-10860 | Path Traversal vulnerability in multiple products | perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. | 6.4 |
| 2018-06-28 | CVE-2018-12929 | Use After Free vulnerability in multiple products | ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. (local; low complexity; linux canonical; CWE-416) | 4.9 |