Vulnerabilities > Canonical > Ubuntu Linux > 18.04

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
9.8
2019-04-09 CVE-2019-3887 Incorrect Authorization vulnerability in multiple products
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled.
local
high complexity
linux fedoraproject canonical redhat CWE-863
5.6
2019-04-09 CVE-2019-10903 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash.
7.5
2019-04-09 CVE-2019-10901 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash.
7.5
2019-04-09 CVE-2019-10899 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash.
7.5
2019-04-09 CVE-2019-10896 Out-of-bounds Write vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash.
7.5
2019-04-09 CVE-2019-10895 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash.
7.5
2019-04-09 CVE-2019-10894 Reachable Assertion vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash.
7.5
2019-04-09 CVE-2019-0816 Use of Incorrectly-Resolved Name or Reference vulnerability in Canonical Ubuntu Linux 18.04
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
1.9
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8