High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-02	CVE-2019-3500	Information Exposure Through Log Files vulnerability in multiple products aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. local low complexity aria2-project debian fedoraproject canonical CWE-532	7.8
2018-12-28	CVE-2018-20549	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. network low complexity libcaca-project canonical debian fedoraproject opensuse CWE-119	8.8
2018-12-28	CVE-2018-20548	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. network low complexity libcaca-project canonical fedoraproject opensuse CWE-119	8.8
2018-12-28	CVE-2018-20547	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. network low complexity libcaca-project canonical debian fedoraproject opensuse CWE-119	8.1
2018-12-28	CVE-2018-20546	Integer Overflow or Wraparound vulnerability in multiple products There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. network low complexity libcaca-project canonical fedoraproject debian opensuse CWE-190	8.1
2018-12-28	CVE-2018-20545	Integer Overflow or Wraparound vulnerability in multiple products There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. network low complexity libcaca-project canonical fedoraproject opensuse CWE-190	8.8
2018-12-28	CVE-2018-1000888	Deserialization of Untrusted Data vulnerability in multiple products PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. network low complexity php canonical debian CWE-502	8.8
2018-12-20	CVE-2018-20191	NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). network low complexity qemu canonical fedoraproject CWE-476	7.5
2018-12-20	CVE-2018-20216	Infinite Loop vulnerability in multiple products QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). network low complexity qemu canonical CWE-835	7.5
2018-12-20	CVE-2018-20125	NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. network low complexity qemu canonical CWE-476	7.5