Vulnerabilities > Canonical > Ubuntu Linux

DATE CVE VULNERABILITY TITLE RISK
2019-02-06 CVE-2018-20761 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a.
local
low complexity
gpac-project debian canonical CWE-119
7.8
2019-02-06 CVE-2018-20760 Out-of-bounds Write vulnerability in multiple products
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.
local
low complexity
gpac debian canonical CWE-787
7.8
2019-02-06 CVE-2019-3825 Improper Authentication vulnerability in multiple products
A vulnerability was discovered in gdm before 3.31.4.
high complexity
gnome canonical redhat CWE-287
6.4
2019-02-06 CVE-2019-3823 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.
network
low complexity
haxx canonical debian netapp oracle
7.5
2019-02-06 CVE-2019-3822 Out-of-bounds Write vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow.
network
low complexity
haxx canonical debian netapp siemens oracle redhat CWE-787
critical
9.8
2019-02-06 CVE-2019-3820 Improper Authentication vulnerability in multiple products
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions.
low complexity
gnome opensuse canonical CWE-287
4.3
2019-02-06 CVE-2018-16890 Integer Overflow or Wraparound vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read.
7.5
2019-02-06 CVE-2019-3464 Improper Initialization vulnerability in multiple products
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-665
critical
9.8
2019-02-06 CVE-2019-3463 Argument Injection or Modification vulnerability in multiple products
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-88
critical
9.8
2019-02-05 CVE-2018-18506 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server.
network
high complexity
mozilla canonical debian redhat opensuse
5.9