Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-12	CVE-2018-20097	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. network low complexity exiv2 debian fedoraproject redhat CWE-119	6.5
2018-12-10	CVE-2018-20005	Use After Free vulnerability in multiple products An issue has been found in Mini-XML (aka mxml) 2.12. local low complexity msweet fedoraproject CWE-416	5.5
2018-12-04	CVE-2018-19841	Out-of-bounds Read vulnerability in multiple products The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. local low complexity wavpack canonical fedoraproject opensuse debian CWE-125	5.5
2018-12-04	CVE-2018-19840	Infinite Loop vulnerability in multiple products The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. local low complexity wavpack canonical fedoraproject opensuse CWE-835	5.5
2018-11-29	CVE-2018-19497	Out-of-bounds Read vulnerability in multiple products In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). network low complexity sleuthkit debian fedoraproject CWE-125	6.5
2018-10-17	CVE-2018-18409	Out-of-bounds Read vulnerability in multiple products A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. local low complexity digitalcorpora fedoraproject canonical CWE-125	5.5
2018-10-17	CVE-2018-18407	Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. local low complexity broadcom fedoraproject CWE-125	5.5
2018-10-05	CVE-2018-11797	In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. local low complexity apache fedoraproject oracle	5.5
2018-08-22	CVE-2018-10846	A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. local high complexity gnu redhat canonical fedoraproject debian	5.6
2018-08-22	CVE-2018-10845	It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian	5.9