High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-28	CVE-2018-20546	Integer Overflow or Wraparound vulnerability in multiple products There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. network low complexity libcaca-project canonical fedoraproject debian opensuse CWE-190	8.1
2018-12-28	CVE-2018-20545	Integer Overflow or Wraparound vulnerability in multiple products There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. network low complexity libcaca-project canonical fedoraproject opensuse CWE-190	8.8
2018-12-23	CVE-2018-20406	Integer Overflow or Wraparound vulnerability in multiple products Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. network low complexity python debian fedoraproject CWE-190	7.5
2018-12-20	CVE-2018-20191	NULL Pointer Dereference vulnerability in multiple products hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). network low complexity qemu canonical fedoraproject CWE-476	7.5
2018-12-20	CVE-2018-1000878	Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-416	8.8
2018-12-20	CVE-2018-1000877	Double Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. network low complexity libarchive debian canonical redhat fedoraproject CWE-415	8.8
2018-12-12	CVE-2018-16867	Race Condition vulnerability in multiple products A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. local high complexity qemu fedoraproject canonical CWE-362	7.8
2018-12-10	CVE-2018-20004	Out-of-bounds Write vulnerability in multiple products An issue has been found in Mini-XML (aka mxml) 2.12. network low complexity mini-xml-project debian fedoraproject CWE-787	8.8
2018-12-04	CVE-2018-19591	Improper Input Validation vulnerability in multiple products In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. network low complexity gnu fedoraproject CWE-20	7.5
2018-11-16	CVE-2018-19296	PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. network low complexity phpmailer-project debian fedoraproject wordpress	8.8