42.3

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-16	CVE-2019-2422	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). network high complexity oracle canonical netapp redhat debian opensuse hp	3.1
2019-01-15	CVE-2019-3811	A vulnerability was found in sssd. low complexity fedoraproject debian opensuse redhat	5.2
2019-01-14	CVE-2019-6251	WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. network low complexity gnome wpewebkit webkitgtk fedoraproject canonical opensuse	8.1
2018-12-26	CVE-2018-19873	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Qt before 5.11.3. network low complexity qt opensuse debian canonical CWE-119 critical	9.8
2018-12-26	CVE-2018-15518	Double Free vulnerability in multiple products QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. network low complexity qt debian opensuse CWE-415	8.8
2018-12-21	CVE-2018-20346	Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. network high complexity sqlite google redhat debian opensuse CWE-190	8.1
2018-12-14	CVE-2018-16875	Improper Certificate Validation vulnerability in multiple products The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. network low complexity golang opensuse CWE-295	7.5
2018-12-14	CVE-2018-16874	In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). network high complexity golang opensuse suse debian	8.1
2018-12-14	CVE-2018-16873	In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. network high complexity golang opensuse suse debian	8.1
2018-12-13	CVE-2018-16872	A flaw was found in qemu Media Transfer Protocol (MTP). network high complexity qemu debian fedoraproject canonical opensuse	5.3