Vulnerabilities > Canonical > Ubuntu Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-29 | CVE-2019-11596 | NULL Pointer Dereference vulnerability in multiple products In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. | 7.5 |
| 2019-04-26 | CVE-2019-3844 | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. | 7.8 |
| 2019-04-26 | CVE-2019-3843 | Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. | 7.8 |
| 2019-04-25 | CVE-2019-3900 | An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). | 7.7 |
| 2019-04-24 | CVE-2019-11506 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. | 8.8 |
| 2019-04-24 | CVE-2019-11505 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. | 8.8 |
| 2019-04-24 | CVE-2019-3882 | A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. | 5.5 |
| 2019-04-24 | CVE-2019-9928 | Out-of-bounds Write vulnerability in multiple products GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. | 8.8 |
| 2019-04-24 | CVE-2019-11498 | Access of Uninitialized Pointer vulnerability in multiple products WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. | 6.5 |
| 2019-04-23 | CVE-2019-11487 | Use After Free vulnerability in multiple products The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. | 7.8 |