Vulnerabilities > Canonical > Ubuntu Linux > 18.04

DATE CVE VULNERABILITY TITLE RISK
2018-11-28 CVE-2018-14629 Infinite Loop vulnerability in multiple products
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3.
network
low complexity
samba canonical debian CWE-835
4.0
2018-11-26 CVE-2018-19535 Out-of-bounds Read vulnerability in multiple products
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
network
low complexity
exiv2 debian redhat canonical CWE-125
6.5
2018-11-25 CVE-2018-19518 Argument Injection or Modification vulnerability in multiple products
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics.
network
high complexity
php debian uw-imap-project canonical CWE-88
7.5
2018-11-23 CVE-2018-19486 Untrusted Search Path vulnerability in Git-Scm GIT
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
network
low complexity
git-scm linux canonical CWE-426
7.5
2018-11-23 CVE-2018-19477 Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
local
low complexity
artifex debian canonical redhat CWE-704
7.8
2018-11-23 CVE-2018-19476 Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
local
low complexity
artifex debian canonical redhat CWE-704
7.8
2018-11-23 CVE-2018-19475 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
local
low complexity
artifex debian canonical redhat
7.8
2018-11-21 CVE-2018-19409 An issue was discovered in Artifex Ghostscript before 9.26.
network
low complexity
artifex debian canonical redhat
critical
9.8
2018-11-21 CVE-2018-19407 NULL Pointer Dereference vulnerability in Linux Kernel
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
local
low complexity
linux canonical CWE-476
4.9
2018-11-16 CVE-2018-18955 Incorrect Authorization vulnerability in multiple products
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges.
4.4