42.3

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-13	CVE-2018-19489	Race Condition vulnerability in multiple products v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. local high complexity qemu debian fedoraproject canonical opensuse CWE-362	4.7
2018-12-13	CVE-2018-19364	Use After Free vulnerability in multiple products hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. local low complexity qemu canonical debian fedoraproject opensuse CWE-416	5.5
2018-12-06	CVE-2018-19665	Integer Overflow or Wraparound vulnerability in multiple products The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. low complexity qemu opensuse CWE-190	5.7
2018-11-15	CVE-2018-18954	Out-of-bounds Write vulnerability in multiple products The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. local low complexity qemu canonical opensuse CWE-787	5.5
2018-10-15	CVE-2017-5934	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity moinmo debian canonical opensuse CWE-79	6.1
2018-10-09	CVE-2018-12477	CRLF Injection vulnerability in Opensuse Leap 15.0/42.3 A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. network low complexity opensuse CWE-93	7.5
2018-09-21	CVE-2018-16597	Incorrect Authorization vulnerability in multiple products An issue was discovered in the Linux kernel before 4.8. local low complexity linux netapp opensuse CWE-863	5.5
2018-08-01	CVE-2018-10916	Improper Input Validation vulnerability in multiple products It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. network low complexity lftp-project canonical opensuse CWE-20	6.5
2018-07-23	CVE-2018-14523	Out-of-bounds Read vulnerability in multiple products An issue was discovered in aubio 0.4.6. network low complexity aubio opensuse suse CWE-125	8.8
2018-07-23	CVE-2018-14522	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in aubio 0.4.6. network low complexity aubio opensuse suse CWE-119	8.8