Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-07	CVE-2018-18311	Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. network low complexity perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190 critical	9.8
2018-12-07	CVE-2018-19931	Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. local low complexity gnu netapp canonical CWE-787	7.8
2018-12-06	CVE-2018-9568	Incorrect Type Conversion or Cast vulnerability in multiple products In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. local low complexity google canonical redhat linux CWE-704	7.8
2018-12-05	CVE-2018-18312	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. network low complexity perl canonical debian redhat netapp CWE-119 critical	9.8
2018-12-04	CVE-2018-19854	Information Exposure vulnerability in multiple products An issue was discovered in the Linux kernel before 4.19.3. local high complexity linux canonical CWE-200	4.7
2018-12-04	CVE-2018-19841	Out-of-bounds Read vulnerability in multiple products The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. local low complexity wavpack canonical fedoraproject opensuse debian CWE-125	5.5
2018-12-04	CVE-2018-19840	Infinite Loop vulnerability in multiple products The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. local low complexity wavpack canonical fedoraproject opensuse CWE-835	5.5
2018-12-03	CVE-2018-19824	Use After Free vulnerability in multiple products In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. local low complexity linux canonical debian CWE-416	7.8
2018-12-03	CVE-2018-19788	Improper Input Validation vulnerability in multiple products A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. network low complexity polkit-project debian canonical CWE-20	8.8
2018-12-02	CVE-2018-19787	Cross-site Scripting vulnerability in multiple products An issue was discovered in lxml before 4.2.5. network low complexity lxml debian canonical CWE-79	6.1