Vulnerabilities > Canonical > Ubuntu Linux > 18.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-17 | CVE-2018-21247 | Missing Initialization of Resource vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
| 2020-04-23 | CVE-2019-20788 | Integer Overflow or Wraparound vulnerability in multiple products libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. | 9.8 |
| 2020-04-17 | CVE-2019-7306 | Files or Directories Accessible to External Parties vulnerability in multiple products Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. | 7.5 |
| 2019-10-29 | CVE-2019-15681 | Improper Initialization vulnerability in multiple products LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. | 7.5 |
| 2019-08-29 | CVE-2019-11476 | Integer Overflow or Wraparound vulnerability in Canonical Ubuntu Linux An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. | 7.8 |
| 2019-07-10 | CVE-2019-13132 | Out-of-bounds Write vulnerability in multiple products In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. | 9.8 |
| 2019-07-04 | CVE-2019-13241 | Path Traversal vulnerability in multiple products FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | 7.8 |
| 2019-07-01 | CVE-2019-12781 | Cleartext Transmission of Sensitive Information vulnerability in multiple products An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. | 5.3 |
| 2019-06-30 | CVE-2019-13114 | NULL Pointer Dereference vulnerability in multiple products http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | 6.5 |
| 2019-06-30 | CVE-2019-13113 | Reachable Assertion vulnerability in multiple products Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | 6.5 |