18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-23	CVE-2018-17407	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. network tug canonical debian CWE-119	6.8
2018-09-22	CVE-2018-17336	Use of Externally-Controlled Format String vulnerability in multiple products UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. local low complexity freedesktop canonical CWE-134	4.6
2018-09-21	CVE-2018-14645	Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. network low complexity haproxy canonical redhat CWE-125	7.5
2018-09-21	CVE-2018-17294	Out-of-bounds Read vulnerability in multiple products The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. network liblouis canonical opensuse CWE-125	4.3
2018-09-19	CVE-2018-17206	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. network low complexity openvswitch redhat canonical debian CWE-125	4.0
2018-09-19	CVE-2018-17205	Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. network low complexity openvswitch redhat canonical CWE-617	5.0
2018-09-19	CVE-2018-17204	Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. network low complexity openvswitch redhat canonical debian CWE-617	4.0
2018-09-19	CVE-2018-17183	Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. local low complexity debian canonical artifex redhat	7.8
2018-09-19	CVE-2018-17182	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 4.18.8. local low complexity linux canonical debian netapp CWE-416	7.8
2018-09-18	CVE-2018-1000802	Command Injection vulnerability in multiple products Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. network low complexity python debian canonical opensuse CWE-77 critical	9.8