18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-08	CVE-2019-0217	Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. network high complexity apache debian fedoraproject canonical redhat opensuse netapp oracle CWE-362	7.5
2019-04-08	CVE-2019-11008	Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. network low complexity graphicsmagick opensuse debian canonical CWE-787	8.8
2019-04-08	CVE-2019-11007	Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. network low complexity graphicsmagick opensuse debian canonical CWE-125	8.1
2019-04-07	CVE-2019-10906	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. network low complexity palletsprojects fedoraproject canonical redhat opensuse	8.6
2019-04-01	CVE-2018-3979	Resource Exhaustion vulnerability in multiple products A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. network low complexity canonical nvidia CWE-400	6.5
2019-04-01	CVE-2019-8956	Use After Free vulnerability in multiple products In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. local low complexity linux canonical CWE-416	7.8
2019-03-30	CVE-2019-10649	Memory Leak vulnerability in multiple products In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. local low complexity imagemagick debian canonical CWE-401	5.5
2019-03-29	CVE-2019-10269	Out-of-bounds Write vulnerability in multiple products BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. network low complexity burrow-wheeler-aligner-project canonical CWE-787 critical	9.8
2019-03-28	CVE-2019-7524	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. local low complexity dovecot debian canonical opensuse CWE-119	7.8
2019-03-27	CVE-2019-3877	Open Redirect vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. network low complexity mod-auth-mellon-project fedoraproject redhat canonical CWE-601	6.1