12.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-04	CVE-2018-16429	Out-of-bounds Read vulnerability in multiple products GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). network low complexity gnome canonical CWE-125	7.5
2018-09-04	CVE-2018-16428	NULL Pointer Dereference vulnerability in multiple products In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. network low complexity gnome canonical CWE-476 critical	9.8
2018-08-31	CVE-2018-16276	Out-of-bounds Write vulnerability in multiple products An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. local low complexity linux debian canonical CWE-787	7.8
2018-08-26	CVE-2011-2767	Code Injection vulnerability in multiple products mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. network low complexity apache debian redhat canonical CWE-94 critical	9.8
2018-08-24	CVE-2018-14600	Out-of-bounds Write vulnerability in multiple products An issue was discovered in libX11 through 1.6.5. network low complexity x-org debian canonical CWE-787 critical	9.8
2018-08-24	CVE-2018-14599	Off-by-one Error vulnerability in multiple products An issue was discovered in libX11 through 1.6.5. network low complexity x-org debian canonical fedoraproject redhat CWE-193 critical	9.8
2018-08-24	CVE-2018-14598	Improper Input Validation vulnerability in multiple products An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. network low complexity x-org debian canonical fedoraproject CWE-20	7.5
2018-08-21	CVE-2018-10902	It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. local low complexity debian canonical linux redhat	7.8
2018-08-20	CVE-2018-15594	Information Exposure vulnerability in multiple products arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. local low complexity debian canonical linux CWE-200	5.5
2018-08-20	CVE-2018-15572	The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. local low complexity debian canonical linux	6.5