19.04

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-05	CVE-2019-7397	Memory Leak vulnerability in multiple products In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. network low complexity imagemagick graphicsmagick opensuse debian canonical CWE-401	5.0
2019-02-05	CVE-2019-7396	Memory Leak vulnerability in multiple products In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. network low complexity imagemagick opensuse debian canonical CWE-401	5.0
2019-02-05	CVE-2019-7395	Memory Leak vulnerability in multiple products In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. network low complexity imagemagick opensuse debian canonical CWE-401	5.0
2019-02-04	CVE-2019-7317	Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. network high complexity libpng debian canonical oracle hpe hp mozilla opensuse netapp redhat CWE-416	2.6
2019-01-15	CVE-2018-14662	Improper Authorization vulnerability in multiple products It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. low complexity redhat debian opensuse canonical CWE-285	2.7
2019-01-15	CVE-2018-16846	Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. network low complexity redhat debian opensuse canonical CWE-770	4.0
2019-01-03	CVE-2018-16876	Information Exposure vulnerability in multiple products ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. network redhat debian suse canonical CWE-200	3.5
2019-01-03	CVE-2018-20662	Improper Input Validation vulnerability in multiple products In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. network low complexity freedesktop debian fedoraproject canonical redhat CWE-20	6.5
2019-01-02	CVE-2019-3500	Information Exposure Through Log Files vulnerability in multiple products aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. local low complexity aria2-project debian fedoraproject canonical CWE-532	7.8
2018-12-26	CVE-2018-20467	Infinite Loop vulnerability in multiple products In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. network imagemagick opensuse debian canonical CWE-835	4.3