14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-25	CVE-2018-14633	Stack-based Buffer Overflow vulnerability in multiple products A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. network high complexity linux debian canonical redhat CWE-121	7.0
2018-09-23	CVE-2018-17407	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. network tug canonical debian CWE-119	6.8
2018-09-21	CVE-2018-17294	Out-of-bounds Read vulnerability in multiple products The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. network liblouis canonical opensuse CWE-125	4.3
2018-09-19	CVE-2018-17183	Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. local low complexity debian canonical artifex redhat	7.8
2018-09-19	CVE-2018-17182	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 4.18.8. local low complexity linux canonical debian netapp CWE-416	7.8
2018-09-18	CVE-2018-1000802	Command Injection vulnerability in multiple products Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. network low complexity python debian canonical opensuse CWE-77 critical	9.8
2018-09-17	CVE-2018-11781	Code Injection vulnerability in multiple products Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. local low complexity apache redhat debian canonical CWE-94	7.8
2018-09-17	CVE-2018-11780	Code Injection vulnerability in multiple products A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. network low complexity apache pdfinfo-project debian canonical CWE-94 critical	9.8
2018-09-17	CVE-2017-15705	Improper Input Validation vulnerability in multiple products A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. network low complexity apache redhat debian canonical CWE-20	5.3
2018-09-16	CVE-2018-17101	Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibTIFF 4.0.9. network debian libtiff canonical CWE-787	6.8