18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-21	CVE-2019-16680	Path Traversal vulnerability in multiple products An issue was discovered in GNOME file-roller before 3.29.91. network high complexity gnome canonical debian redhat CWE-22	2.6
2019-09-20	CVE-2019-14816	Heap-based Buffer Overflow vulnerability in multiple products There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. local low complexity linux redhat debian fedoraproject netapp canonical opensuse CWE-122	7.8
2019-09-20	CVE-2019-14814	Heap-based Buffer Overflow vulnerability in multiple products There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. local low complexity linux redhat debian canonical opensuse netapp CWE-122	7.8
2019-09-19	CVE-2019-14821	Out-of-bounds Write vulnerability in multiple products An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. local low complexity linux redhat canonical opensuse fedoraproject debian netapp oracle CWE-787	8.8
2019-09-17	CVE-2019-16394	Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. network low complexity spip debian canonical CWE-203	5.0
2019-09-17	CVE-2019-16393	Open Redirect vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. network low complexity spip debian canonical CWE-601	6.1
2019-09-17	CVE-2019-16392	Cross-site Scripting vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. network low complexity spip debian canonical CWE-79	6.1
2019-09-17	CVE-2019-16391	SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. network low complexity spip debian canonical	6.5
2019-09-17	CVE-2019-14835	Classic Buffer Overflow vulnerability in multiple products A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. local low complexity linux canonical debian fedoraproject opensuse netapp redhat huawei CWE-120	7.8
2019-09-17	CVE-2019-16378	Authentication Bypass by Spoofing vulnerability in multiple products OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. network low complexity trusteddomain debian fedoraproject canonical CWE-290 critical	9.8