18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-19	CVE-2019-11338	NULL Pointer Dereference vulnerability in multiple products libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. network low complexity ffmpeg debian novell canonical CWE-476	8.8
2019-04-18	CVE-2019-11324	Improper Certificate Validation vulnerability in multiple products The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. network low complexity python canonical CWE-295	7.5
2019-04-18	CVE-2019-3885	Use After Free vulnerability in multiple products A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. network low complexity clusterlabs canonical fedoraproject CWE-416	7.5
2019-04-18	CVE-2018-16878	Resource Exhaustion vulnerability in multiple products A flaw was found in pacemaker up to and including version 2.0.1. local low complexity clusterlabs canonical fedoraproject debian opensuse redhat CWE-400	5.5
2019-04-18	CVE-2018-16877	A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. local low complexity clusterlabs canonical fedoraproject debian opensuse redhat	7.8
2019-04-18	CVE-2019-11035	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. network low complexity php canonical netapp CWE-119	6.4
2019-04-18	CVE-2019-11034	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. network low complexity php canonical netapp CWE-119	6.4
2019-04-11	CVE-2019-9628	Improper Handling of Exceptional Conditions vulnerability in multiple products The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. network low complexity xmltooling-project canonical opensuse CWE-755	5.0
2019-04-11	CVE-2019-3460	Improper Input Validation vulnerability in multiple products A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. low complexity linux canonical debian redhat CWE-20	6.5
2019-04-11	CVE-2019-3459	Out-of-bounds Read vulnerability in multiple products A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. low complexity linux canonical redhat debian CWE-125	6.5