18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-16	CVE-2018-16396	An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. network ruby-lang canonical debian redhat	6.8
2018-11-16	CVE-2018-16395	An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. network low complexity ruby-lang canonical debian redhat	7.5
2018-11-15	CVE-2018-5407	Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. local high complexity canonical debian nodejs openssl tenable oracle redhat CWE-203	4.7
2018-11-15	CVE-2018-18954	Out-of-bounds Read vulnerability in multiple products The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. local low complexity qemu canonical opensuse CWE-125	2.1
2018-11-14	CVE-2018-17466	Out-of-bounds Read vulnerability in multiple products Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google redhat debian canonical CWE-125	8.8
2018-11-13	CVE-2018-16850	SQL Injection vulnerability in multiple products postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... network low complexity postgresql redhat canonical CWE-89 critical	9.8
2018-11-12	CVE-2018-19210	NULL Pointer Dereference vulnerability in multiple products In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. network low complexity libtiff debian canonical CWE-476	6.5
2018-11-10	CVE-2018-19149	NULL Pointer Dereference vulnerability in multiple products Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. network freedesktop canonical CWE-476	4.3
2018-11-08	CVE-2018-19108	Infinite Loop vulnerability in multiple products In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. network low complexity exiv2 debian redhat canonical CWE-835	6.5
2018-11-08	CVE-2018-19107	Integer Overflow or Wraparound vulnerability in multiple products In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. network low complexity exiv2 debian redhat canonical CWE-190	6.5