Vulnerabilities > Canonical > Ubuntu Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-22 | CVE-2018-10844 | Covert Timing Channel vulnerability in multiple products It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. | 5.9 |
2018-08-21 | CVE-2018-0501 | Improper Verification of Cryptographic Signature vulnerability in multiple products The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. | 5.9 |
2018-08-17 | CVE-2018-15473 | Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 5.3 |
2018-08-17 | CVE-2018-10873 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. | 6.5 |
2018-08-16 | CVE-2018-14567 | Infinite Loop vulnerability in multiple products libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | 4.3 |
2018-08-10 | CVE-2018-6553 | The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. | 4.6 |
2018-08-09 | CVE-2018-10915 | SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. | 6.0 |
2018-08-05 | CVE-2018-14938 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. | 6.4 |
2018-08-03 | CVE-2018-14574 | Open Redirect vulnerability in multiple products django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | 5.8 |
2018-08-03 | CVE-2018-14883 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. | 5.0 |