18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-31	CVE-2019-6109	Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in OpenSSH 7.9. network high complexity openbsd winscp canonical debian netapp fedoraproject redhat siemens fujitsu CWE-116	6.8
2019-01-30	CVE-2018-17199	Session Fixation vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. network low complexity apache debian netapp canonical oracle CWE-384	7.5
2019-01-30	CVE-2018-17189	Resource Exhaustion vulnerability in multiple products In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. network low complexity apache netapp fedoraproject debian oracle canonical redhat CWE-400	5.3
2019-01-30	CVE-2018-20750	Out-of-bounds Write vulnerability in multiple products LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. network low complexity libvnc-project canonical debian siemens CWE-787	7.5
2019-01-30	CVE-2018-20749	Out-of-bounds Write vulnerability in multiple products LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. network low complexity libvnc-project canonical debian siemens CWE-787	7.5
2019-01-30	CVE-2018-20748	Out-of-bounds Write vulnerability in multiple products LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. network low complexity libvnc-project debian canonical siemens CWE-787	7.5
2019-01-29	CVE-2018-16880	Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. local high complexity linux canonical CWE-787	7.0
2019-01-29	CVE-2019-7150	Out-of-bounds Read vulnerability in multiple products An issue was discovered in elfutils 0.175. network elfutils-project debian canonical opensuse redhat CWE-125	4.3
2019-01-28	CVE-2019-3462	Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. network high complexity debian canonical netapp	8.1
2019-01-28	CVE-2018-10910	Incorrect Authorization vulnerability in multiple products A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. local low complexity bluez canonical CWE-863	3.3