Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-20	CVE-2018-1000852	Out-of-bounds Read vulnerability in multiple products FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. network low complexity freerdp canonical fedoraproject CWE-125	6.5
2018-12-19	CVE-2018-16883	Information Exposure vulnerability in Fedoraproject Sssd sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. local low complexity fedoraproject CWE-200	5.5
2018-12-18	CVE-2018-19790	Open Redirect vulnerability in multiple products An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. network low complexity sensiolabs fedoraproject debian CWE-601	6.1
2018-12-17	CVE-2018-20123	Missing Release of Resource after Effective Lifetime vulnerability in multiple products pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. local low complexity qemu canonical fedoraproject CWE-772	5.5
2018-12-13	CVE-2018-16872	A flaw was found in qemu Media Transfer Protocol (MTP). network high complexity qemu debian fedoraproject canonical opensuse	5.3
2018-12-13	CVE-2018-19489	Race Condition vulnerability in multiple products v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. local high complexity qemu debian fedoraproject canonical opensuse CWE-362	4.7
2018-12-13	CVE-2018-19364	Use After Free vulnerability in multiple products hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. local low complexity qemu canonical debian fedoraproject opensuse CWE-416	5.5
2018-12-12	CVE-2018-20097	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. network low complexity exiv2 debian fedoraproject redhat CWE-119	6.5
2018-12-10	CVE-2018-20005	Use After Free vulnerability in multiple products An issue has been found in Mini-XML (aka mxml) 2.12. local low complexity msweet fedoraproject CWE-416	5.5
2018-12-04	CVE-2018-19841	Out-of-bounds Read vulnerability in multiple products The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. local low complexity wavpack canonical fedoraproject opensuse debian CWE-125	5.5