14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-07	CVE-2018-18313	Out-of-bounds Read vulnerability in multiple products Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. network low complexity perl canonical debian redhat netapp apple CWE-125 critical	9.1
2018-12-07	CVE-2018-18311	Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. network low complexity perl canonical debian netapp redhat apple fedoraproject mcafee CWE-190 critical	9.8
2018-12-06	CVE-2018-9568	Incorrect Type Conversion or Cast vulnerability in multiple products In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. local low complexity google canonical redhat linux CWE-704	7.8
2018-12-05	CVE-2018-18312	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. network low complexity perl canonical debian redhat netapp CWE-119 critical	9.8
2018-12-04	CVE-2018-19854	Information Exposure vulnerability in Linux Kernel An issue was discovered in the Linux kernel before 4.19.3. local linux canonical CWE-200	1.9
2018-12-04	CVE-2018-19841	Out-of-bounds Read vulnerability in multiple products The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. local low complexity wavpack canonical fedoraproject opensuse debian CWE-125	5.5
2018-12-04	CVE-2018-19840	Infinite Loop vulnerability in multiple products The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. local low complexity wavpack canonical fedoraproject opensuse CWE-835	5.5
2018-12-03	CVE-2018-19824	Use After Free vulnerability in Linux Kernel In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. local low complexity linux canonical debian CWE-416	4.6
2018-12-03	CVE-2018-19788	Improper Input Validation vulnerability in multiple products A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. network low complexity polkit-project debian canonical CWE-20 critical	9.0
2018-12-02	CVE-2018-19787	Cross-site Scripting vulnerability in multiple products An issue was discovered in lxml before 4.2.5. network lxml debian canonical CWE-79	4.3