Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-16 CVE-2018-16396 An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. 6.8
2018-11-15 CVE-2018-5407 Information Exposure Through Discrepancy vulnerability in multiple products
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
4.7
2018-11-12 CVE-2018-19210 NULL Pointer Dereference vulnerability in multiple products
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
network
low complexity
libtiff debian canonical CWE-476
6.5
2018-11-10 CVE-2018-19149 NULL Pointer Dereference vulnerability in multiple products
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
4.3
2018-11-08 CVE-2018-19108 Infinite Loop vulnerability in multiple products
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
network
low complexity
exiv2 debian redhat canonical CWE-835
6.5
2018-11-08 CVE-2018-19107 Integer Overflow or Wraparound vulnerability in multiple products
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
network
low complexity
exiv2 debian redhat canonical CWE-190
6.5
2018-11-07 CVE-2018-19060 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
4.3
2018-11-07 CVE-2018-19059 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
4.3
2018-11-07 CVE-2018-19058 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Poppler 0.71.0.
network
low complexity
freedesktop canonical debian redhat CWE-670
6.5
2018-11-07 CVE-2018-16845 Resource Exhaustion vulnerability in multiple products
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.
5.8