Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-04	CVE-2018-19840	Infinite Loop vulnerability in multiple products The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. local low complexity wavpack canonical fedoraproject opensuse CWE-835	5.5
2018-11-26	CVE-2018-19542	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in JasPer 2.0.14. network low complexity jasper-project canonical suse debian opensuse CWE-476	6.5
2018-11-26	CVE-2018-19539	Reachable Assertion vulnerability in multiple products An issue was discovered in JasPer 2.0.14. network low complexity jasper-project suse debian opensuse CWE-617	6.5
2018-11-23	CVE-2018-19492	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in cairo.trm in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-119	7.8
2018-11-23	CVE-2018-19491	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in post.trm in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-119	7.8
2018-11-23	CVE-2018-19490	Out-of-bounds Write vulnerability in multiple products An issue was discovered in datafile.c in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-787	7.8
2018-11-15	CVE-2018-18954	Out-of-bounds Write vulnerability in multiple products The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. local low complexity qemu canonical opensuse CWE-787	5.5
2018-11-07	CVE-2018-16845	nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. local low complexity f5 debian canonical opensuse apple	6.1
2018-11-07	CVE-2018-16843	nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. network low complexity f5 debian canonical opensuse apple	7.5
2018-11-07	CVE-2018-19052	Path Traversal vulnerability in multiple products An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. network low complexity lighttpd suse opensuse debian CWE-22	7.5