18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-10	CVE-2019-13750	Improper Input Validation vulnerability in multiple products Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. network low complexity google debian fedoraproject redhat canonical CWE-20	6.5
2019-12-10	CVE-2019-13734	Out-of-bounds Write vulnerability in multiple products Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject redhat canonical suse opensuse debian oracle CWE-787	8.8
2019-12-08	CVE-2019-19448	Use After Free vulnerability in multiple products In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. local low complexity linux debian canonical netapp CWE-416	7.8
2019-12-06	CVE-2019-1551	Integer Overflow or Wraparound vulnerability in multiple products There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. network low complexity openssl opensuse oracle canonical fedoraproject debian tenable CWE-190	5.3
2019-12-05	CVE-2019-19602	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc. local linux canonical CWE-119	5.4
2019-12-03	CVE-2019-19534	Missing Initialization of Resource vulnerability in multiple products In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. local low complexity linux debian canonical CWE-909	2.1
2019-12-03	CVE-2019-19529	Use After Free vulnerability in multiple products In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. local linux canonical CWE-416	6.9
2019-12-03	CVE-2019-19526	Use After Free vulnerability in multiple products In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. low complexity linux canonical opensuse CWE-416	4.6
2019-12-03	CVE-2019-19524	Use After Free vulnerability in multiple products In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. low complexity linux debian canonical CWE-416	4.6
2019-12-01	CVE-2019-18609	Out-of-bounds Write vulnerability in multiple products An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. network low complexity rabbitmq-c-project fedoraproject canonical debian CWE-787 critical	9.8