Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-04	CVE-2018-6098	Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. network low complexity redhat debian google	6.5
2018-12-04	CVE-2018-6095	Information Exposure vulnerability in multiple products Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. network low complexity redhat debian google CWE-200	6.5
2018-12-04	CVE-2018-6089	Improper Input Validation vulnerability in multiple products A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. network low complexity google redhat debian CWE-20	6.5
2018-12-04	CVE-2018-19841	Out-of-bounds Read vulnerability in multiple products The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. local low complexity wavpack canonical fedoraproject opensuse debian CWE-125	5.5
2018-12-03	CVE-2018-19824	Use After Free vulnerability in Linux Kernel In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. local low complexity linux canonical debian CWE-416	4.6
2018-12-02	CVE-2018-19787	Cross-site Scripting vulnerability in multiple products An issue was discovered in lxml before 4.2.5. network lxml debian canonical CWE-79	4.3
2018-11-30	CVE-2018-19777	Infinite Loop vulnerability in multiple products In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. local low complexity artifex debian CWE-835	5.5
2018-11-30	CVE-2018-19758	Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. network libsndfile-project debian CWE-125	4.3
2018-11-29	CVE-2018-19497	Out-of-bounds Read vulnerability in multiple products In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). network low complexity sleuthkit debian fedoraproject CWE-125	6.5
2018-11-29	CVE-2018-8789	Out-of-bounds Read vulnerability in multiple products FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). network low complexity freerdp canonical debian CWE-125	5.0