High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-14	CVE-2019-6251	WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. network low complexity gnome wpewebkit webkitgtk fedoraproject canonical opensuse	8.1
2019-01-02	CVE-2019-3500	Information Exposure Through Log Files vulnerability in multiple products aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. local low complexity aria2-project debian fedoraproject canonical CWE-532	7.8
2018-12-28	CVE-2018-20549	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. network low complexity libcaca-project canonical debian fedoraproject opensuse CWE-119	8.8
2018-12-28	CVE-2018-20548	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. network low complexity libcaca-project canonical fedoraproject opensuse CWE-119	8.8
2018-12-28	CVE-2018-20547	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. network low complexity libcaca-project canonical debian fedoraproject opensuse CWE-119	8.1
2018-12-28	CVE-2018-20546	Integer Overflow or Wraparound vulnerability in multiple products There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. network low complexity libcaca-project canonical fedoraproject debian opensuse CWE-190	8.1
2018-12-28	CVE-2018-20545	Integer Overflow or Wraparound vulnerability in multiple products There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. network low complexity libcaca-project canonical fedoraproject opensuse CWE-190	8.8
2018-12-23	CVE-2018-20406	Integer Overflow or Wraparound vulnerability in multiple products Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. network low complexity python debian fedoraproject CWE-190	7.5
2018-12-20	CVE-2018-20191	NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). network low complexity qemu canonical fedoraproject CWE-476	7.5
2018-12-20	CVE-2018-1000878	Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-416	8.8