Canonical: Security Vulnerabilities
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-07-23
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
CVSS Score
9.8
EPSS Score
0.009
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-07-20
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
CVSS Score
5.3
EPSS Score
0.037
Published
2018-07-19
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-07-19
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
CVSS Score
7.5
EPSS Score
0.236
Published
2018-07-19
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
CVSS Score
7.3
EPSS Score
0.003
Published
2018-07-18