Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-30	CVE-2018-20593	Out-of-bounds Write vulnerability in multiple products In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. local low complexity msweet fedoraproject CWE-787	5.5
2018-12-30	CVE-2018-20592	Use After Free vulnerability in multiple products In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. local low complexity msweet fedoraproject CWE-416	5.5
2018-12-20	CVE-2018-1000880	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. network low complexity libarchive canonical opensuse fedoraproject CWE-119	6.5
2018-12-20	CVE-2018-1000879	NULL Pointer Dereference vulnerability in multiple products libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. network low complexity libarchive opensuse fedoraproject CWE-476	6.5
2018-12-20	CVE-2018-1000852	Out-of-bounds Read vulnerability in multiple products FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. network low complexity freerdp canonical fedoraproject CWE-125	6.5
2018-12-18	CVE-2018-19790	Open Redirect vulnerability in multiple products An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. network low complexity sensiolabs fedoraproject debian CWE-601	6.1
2018-12-17	CVE-2018-20123	Missing Release of Resource after Effective Lifetime vulnerability in multiple products pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. local low complexity qemu canonical fedoraproject CWE-772	5.5
2018-12-13	CVE-2018-16872	A flaw was found in qemu Media Transfer Protocol (MTP). network high complexity qemu debian fedoraproject canonical opensuse	5.3
2018-12-13	CVE-2018-19489	Race Condition vulnerability in multiple products v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. local high complexity qemu debian fedoraproject canonical opensuse CWE-362	4.7
2018-12-13	CVE-2018-19364	Use After Free vulnerability in multiple products hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. local low complexity qemu canonical debian fedoraproject opensuse CWE-416	5.5