Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-23	CVE-2018-19475	psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. local low complexity artifex debian canonical redhat	7.8
2018-11-21	CVE-2018-19409	An issue was discovered in Artifex Ghostscript before 9.26. network low complexity artifex debian canonical redhat critical	9.8
2018-11-21	CVE-2018-19407	NULL Pointer Dereference vulnerability in multiple products The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. local low complexity linux canonical CWE-476	5.5
2018-11-16	CVE-2018-18955	Incorrect Authorization vulnerability in multiple products In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. local high complexity linux canonical CWE-863	7.0
2018-11-16	CVE-2018-16396	An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. network high complexity ruby-lang canonical debian redhat	8.1
2018-11-16	CVE-2018-16395	An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. network low complexity ruby-lang canonical debian redhat critical	9.8
2018-11-15	CVE-2018-5407	Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. local high complexity canonical debian nodejs openssl tenable oracle redhat CWE-203	4.7
2018-11-15	CVE-2018-18954	Out-of-bounds Write vulnerability in multiple products The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. local low complexity qemu canonical opensuse CWE-787	5.5
2018-11-14	CVE-2018-17466	Out-of-bounds Read vulnerability in multiple products Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google redhat debian canonical CWE-125	8.8
2018-11-13	CVE-2018-16850	SQL Injection vulnerability in multiple products postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... network low complexity postgresql redhat canonical CWE-89 critical	9.8