High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-02	CVE-2019-3500	Information Exposure Through Log Files vulnerability in multiple products aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. local low complexity aria2-project debian fedoraproject canonical CWE-532	7.8
2018-12-28	CVE-2018-20549	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. network low complexity libcaca-project canonical debian fedoraproject opensuse CWE-119	8.8
2018-12-28	CVE-2018-20547	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. network low complexity libcaca-project canonical debian fedoraproject opensuse CWE-119	8.1
2018-12-28	CVE-2018-20546	Integer Overflow or Wraparound vulnerability in multiple products There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. network low complexity libcaca-project canonical fedoraproject debian opensuse CWE-190	8.1
2018-12-26	CVE-2018-19873	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Qt before 5.11.3. network low complexity qt debian opensuse CWE-119	7.5
2018-12-23	CVE-2018-20406	Integer Overflow or Wraparound vulnerability in multiple products Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. network low complexity python debian fedoraproject CWE-190	7.5
2018-12-21	CVE-2018-20346	Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. network high complexity sqlite google redhat debian opensuse CWE-190	8.1
2018-12-20	CVE-2018-19134	Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. local low complexity artifex debian redhat CWE-704	7.8
2018-12-20	CVE-2018-1000878	Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-416	8.8
2018-12-20	CVE-2018-1000877	Double Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. network low complexity libarchive debian canonical redhat fedoraproject CWE-415	8.8