Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-06	CVE-2018-20761	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. local low complexity gpac-project debian canonical CWE-119	7.8
2019-02-06	CVE-2018-20760	Out-of-bounds Write vulnerability in multiple products In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. local low complexity gpac debian canonical CWE-787	7.8
2019-02-06	CVE-2019-3825	Improper Authentication vulnerability in multiple products A vulnerability was discovered in gdm before 3.31.4. high complexity gnome canonical redhat CWE-287	6.4
2019-02-06	CVE-2019-3823	libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. network low complexity haxx canonical debian netapp oracle	7.5
2019-02-06	CVE-2019-3822	Out-of-bounds Write vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. network low complexity haxx canonical debian netapp siemens oracle redhat CWE-787 critical	9.8
2019-02-06	CVE-2019-3820	Improper Authentication vulnerability in multiple products It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. low complexity gnome opensuse canonical CWE-287	4.3
2019-02-06	CVE-2018-16890	Integer Overflow or Wraparound vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. network low complexity haxx canonical debian netapp siemens oracle redhat f5 CWE-190	7.5
2019-02-06	CVE-2019-3464	Improper Initialization vulnerability in multiple products Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. network low complexity pizzashack debian fedoraproject canonical CWE-665 critical	9.8
2019-02-06	CVE-2019-3463	Argument Injection or Modification vulnerability in multiple products Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. network low complexity pizzashack debian fedoraproject canonical CWE-88 critical	9.8
2019-02-05	CVE-2018-18506	When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. network high complexity mozilla canonical debian redhat opensuse	5.9