14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-26	CVE-2018-18690	Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. local low complexity linux canonical debian CWE-754	4.9
2018-10-26	CVE-2018-18661	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in LibTIFF 4.0.9. network libtiff canonical CWE-476	4.3
2018-10-23	CVE-2018-18585	NULL Pointer Dereference vulnerability in multiple products chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). network low complexity kyzer debian redhat canonical suse starwindsoftware CWE-476	4.3
2018-10-23	CVE-2018-18584	Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. network low complexity libmspack-project cabextract-project debian redhat canonical suse starwindsoftware CWE-787	6.5
2018-10-22	CVE-2018-18557	Out-of-bounds Write vulnerability in multiple products LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. network libtiff debian canonical CWE-787	6.8
2018-10-19	CVE-2018-18284	Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. local low complexity artifex debian canonical redhat pulsesecure	8.6
2018-10-18	CVE-2018-5188	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. network low complexity debian canonical mozilla redhat CWE-119 critical	9.8
2018-10-18	CVE-2018-5187	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60 and Firefox ESR 60. network low complexity debian canonical mozilla CWE-119	7.5
2018-10-18	CVE-2018-5186	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60. network low complexity mozilla canonical CWE-119	7.5
2018-10-18	CVE-2018-5156	Improper Input Validation vulnerability in multiple products A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. network low complexity redhat debian canonical mozilla CWE-20 critical	9.8