Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-06	CVE-2018-17456	Argument Injection or Modification vulnerability in multiple products Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. network low complexity git-scm redhat canonical debian CWE-88 critical	9.8
2018-10-04	CVE-2018-11784	Open Redirect vulnerability in multiple products When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. network low complexity apache debian canonical netapp redhat oracle CWE-601	4.3
2018-10-03	CVE-2018-17972	Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. local low complexity linux canonical redhat debian CWE-362	5.5
2018-10-03	CVE-2018-17540	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. network low complexity strongswan debian canonical CWE-119	7.5
2018-09-28	CVE-2018-17581	Resource Exhaustion vulnerability in multiple products CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. network low complexity exiv2 debian canonical redhat CWE-400	6.5
2018-09-26	CVE-2018-16152	Improper Verification of Cryptographic Signature vulnerability in multiple products In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. network low complexity strongswan debian canonical CWE-347	7.5
2018-09-26	CVE-2018-16151	Improper Verification of Cryptographic Signature vulnerability in multiple products In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. network low complexity strongswan debian canonical CWE-347	7.5
2018-09-25	CVE-2018-14634	An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. local low complexity linux redhat canonical netapp	7.8
2018-09-25	CVE-2018-11763	In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. network high complexity apache canonical redhat oracle netapp	5.9
2018-09-25	CVE-2018-14647	Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. network low complexity python canonical debian fedoraproject opensuse redhat CWE-909	7.5