Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-03	CVE-2018-16876	Information Exposure vulnerability in multiple products ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. network high complexity redhat debian suse canonical CWE-200	5.3
2019-01-03	CVE-2018-20662	Improper Input Validation vulnerability in multiple products In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. network low complexity freedesktop debian fedoraproject canonical redhat CWE-20	6.5
2019-01-02	CVE-2018-19478	Improper Input Validation vulnerability in multiple products In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. local low complexity artifex debian CWE-20	5.5
2019-01-01	CVE-2018-20650	Improper Input Validation vulnerability in multiple products A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. network low complexity freedesktop canonical debian redhat CWE-20	6.5
2018-12-31	CVE-2018-20622	Missing Release of Resource after Effective Lifetime vulnerability in multiple products JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. network low complexity jasper-project debian CWE-772	6.5
2018-12-30	CVE-2018-20584	JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. network low complexity jasper-project debian oracle	6.5
2018-12-28	CVE-2018-20570	Out-of-bounds Read vulnerability in multiple products jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. network low complexity jasper-project debian CWE-125	6.5
2018-12-28	CVE-2018-20544	Divide By Zero vulnerability in multiple products There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. network low complexity libcaca-project debian canonical CWE-369	6.5
2018-12-27	CVE-2018-20511	Information Exposure vulnerability in multiple products An issue was discovered in the Linux kernel before 4.18.11. local low complexity linux debian CWE-200	5.5
2018-12-26	CVE-2018-20217	Reachable Assertion vulnerability in multiple products A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. network high complexity mit debian CWE-617	5.3