Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-06	CVE-2018-20760	Out-of-bounds Write vulnerability in multiple products In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. local low complexity gpac debian canonical CWE-787	7.8
2019-02-06	CVE-2019-3825	Improper Authentication vulnerability in multiple products A vulnerability was discovered in gdm before 3.31.4. high complexity gnome canonical redhat CWE-287	6.4
2019-02-06	CVE-2019-3823	libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. network low complexity haxx canonical debian netapp oracle	7.5
2019-02-06	CVE-2019-3822	Out-of-bounds Write vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. network low complexity haxx canonical debian netapp siemens oracle redhat CWE-787 critical	9.8
2019-02-06	CVE-2019-3820	Improper Authentication vulnerability in multiple products It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. low complexity gnome opensuse canonical CWE-287	4.3
2019-02-06	CVE-2018-16890	Integer Overflow or Wraparound vulnerability in multiple products libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. network low complexity haxx canonical debian netapp siemens oracle redhat f5 CWE-190	7.5
2019-02-06	CVE-2019-3464	Improper Initialization vulnerability in multiple products Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. network low complexity pizzashack debian fedoraproject canonical CWE-665 critical	9.8
2019-02-06	CVE-2019-3463	Argument Injection or Modification vulnerability in multiple products Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. network low complexity pizzashack debian fedoraproject canonical CWE-88 critical	9.8
2019-02-05	CVE-2018-18506	When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. network high complexity mozilla canonical debian redhat opensuse	5.9
2019-02-05	CVE-2018-18505	Improper Authentication vulnerability in multiple products An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. network low complexity mozilla canonical debian redhat CWE-287 critical	10.0