Vulnerabilities > Canonical > Ubuntu Linux > 18.04

DATE CVE VULNERABILITY TITLE RISK
2019-05-20 CVE-2019-12221 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.
6.5
2019-05-20 CVE-2019-12216 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.
network
low complexity
libsdl fedoraproject debian canonical CWE-787
6.5
2019-05-20 CVE-2019-12213 Uncontrolled Recursion vulnerability in multiple products
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
6.5
2019-05-20 CVE-2019-12211 Out-of-bounds Write vulnerability in multiple products
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
network
low complexity
freeimage-project canonical CWE-787
7.5
2019-05-16 CVE-2019-3839 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. 7.8
2019-05-15 CVE-2019-11833 Use of Uninitialized Resource vulnerability in multiple products
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
5.5
2019-05-10 CVE-2019-11884 The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. 3.3
2019-05-10 CVE-2019-5018 Use After Free vulnerability in multiple products
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0.
6.8
2019-05-08 CVE-2019-11815 Race Condition vulnerability in multiple products
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8.
9.3
2019-05-07 CVE-2019-11810 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.0.7.
network
low complexity
linux canonical debian CWE-416
7.5