Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-17	CVE-2018-20185	Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. network high complexity graphicsmagick debian canonical CWE-125	5.3
2018-12-17	CVE-2018-20184	Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. network low complexity graphicsmagick debian CWE-787	6.5
2018-12-17	CVE-2018-18245	Cross-site Scripting vulnerability in multiple products Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. network low complexity nagios debian CWE-79	5.4
2018-12-17	CVE-2018-20169	Resource Exhaustion vulnerability in multiple products An issue was discovered in the Linux kernel before 4.19.9. low complexity linux canonical debian CWE-400	6.8
2018-12-14	CVE-2018-20153	Cross-site Scripting vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. network low complexity wordpress debian CWE-79	5.4
2018-12-14	CVE-2018-20152	Improper Input Validation vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. network low complexity wordpress debian CWE-20	6.5
2018-12-14	CVE-2018-20150	Cross-site Scripting vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. network low complexity wordpress debian CWE-79	6.1
2018-12-14	CVE-2018-20149	Cross-site Scripting vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. network low complexity wordpress debian CWE-79	5.4
2018-12-14	CVE-2018-20147	Incorrect Authorization vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. network low complexity wordpress debian CWE-863	6.5
2018-12-13	CVE-2018-16872	A flaw was found in qemu Media Transfer Protocol (MTP). network high complexity qemu debian fedoraproject canonical opensuse	5.3