Canonical: Security Vulnerabilities
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
CVSS Score
5.5
EPSS Score
0.009
Published
2018-07-25
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-07-23
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
CVSS Score
9.8
EPSS Score
0.011
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-07-20
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-07-20
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
CVSS Score
5.3
EPSS Score
0.02
Published
2018-07-19
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-07-19
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
CVSS Score
7.5
EPSS Score
0.2
Published
2018-07-19