Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-11	CVE-2018-19141	Cross-site Scripting vulnerability in multiple products Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. network low complexity otrs debian CWE-79	4.8
2018-11-09	CVE-2018-19139	Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue has been found in JasPer 2.0.14. local low complexity jasper-project redhat debian CWE-772	5.5
2018-11-09	CVE-2018-19132	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. network high complexity squid-cache debian CWE-772	5.9
2018-11-08	CVE-2018-19108	Infinite Loop vulnerability in multiple products In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. network low complexity exiv2 debian redhat canonical CWE-835	6.5
2018-11-08	CVE-2018-19107	Integer Overflow or Wraparound vulnerability in multiple products In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. network low complexity exiv2 debian redhat canonical CWE-190	6.5
2018-11-07	CVE-2018-19058	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Poppler 0.71.0. network low complexity freedesktop canonical debian redhat CWE-670	6.5
2018-11-07	CVE-2018-16845	nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. local low complexity f5 debian canonical opensuse apple	6.1
2018-11-02	CVE-2018-18897	Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. network low complexity freedesktop debian canonical redhat CWE-772	6.5
2018-11-01	CVE-2018-14660	A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. network low complexity gluster redhat debian	6.5
2018-11-01	CVE-2016-2120	Integer Overflow or Wraparound vulnerability in multiple products An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. network low complexity powerdns debian CWE-190	6.5