Vulnerabilities > Canonical > Ubuntu Linux > 18.04

DATE CVE VULNERABILITY TITLE RISK
2019-03-27 CVE-2019-3814 Improper Certificate Validation vulnerability in multiple products
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates.
network
high complexity
dovecot canonical opensuse CWE-295
6.8
2019-03-26 CVE-2019-3878 Improper Authentication vulnerability in multiple products
A vulnerability was found in mod_auth_mellon before v0.14.2.
8.1
2019-03-25 CVE-2019-3874 Resource Exhaustion vulnerability in multiple products
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem.
6.5
2019-03-25 CVE-2019-10018 Divide By Zero vulnerability in multiple products
An issue was discovered in Xpdf 4.01.01.
local
low complexity
xpdfreader debian canonical CWE-369
5.5
2019-03-23 CVE-2019-9948 Path Traversal vulnerability in multiple products
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
network
low complexity
python opensuse debian fedoraproject canonical redhat CWE-22
critical
9.1
2019-03-21 CVE-2019-9903 Out-of-bounds Write vulnerability in multiple products
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
6.5
2019-03-21 CVE-2019-7222 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. 5.5
2019-03-21 CVE-2019-7221 Use After Free vulnerability in multiple products
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
7.8
2019-03-21 CVE-2019-6778 Out-of-bounds Write vulnerability in multiple products
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
7.8
2019-03-21 CVE-2019-6690 Improper Input Validation vulnerability in multiple products
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended.
network
low complexity
python debian opensuse suse canonical CWE-20
7.5