Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-26	CVE-2018-19539	Reachable Assertion vulnerability in multiple products An issue was discovered in JasPer 2.0.14. network low complexity jasper-project suse debian opensuse CWE-617	6.5
2018-11-15	CVE-2018-18954	Out-of-bounds Write vulnerability in multiple products The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. local low complexity qemu canonical opensuse CWE-787	5.5
2018-11-07	CVE-2018-16845	nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. local low complexity f5 debian canonical opensuse apple	6.1
2018-10-21	CVE-2018-18544	Missing Release of Resource after Effective Lifetime vulnerability in multiple products There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. network low complexity imagemagick graphicsmagick opensuse CWE-772	6.5
2018-10-19	CVE-2018-18521	Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. local low complexity elfutils-project debian redhat opensuse canonical CWE-369	5.5
2018-10-19	CVE-2018-18520	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. network low complexity elfutils-project debian canonical opensuse redhat CWE-119	6.5
2018-10-15	CVE-2017-5934	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity moinmo debian canonical opensuse CWE-79	6.1
2018-10-15	CVE-2018-18310	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. local low complexity elfutils-project debian redhat opensuse canonical CWE-119	5.5
2018-10-09	CVE-2018-12478	Improper Input Validation vulnerability in Opensuse Open Build Service A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. network low complexity opensuse CWE-20	6.5
2018-09-21	CVE-2018-16597	Incorrect Authorization vulnerability in multiple products An issue was discovered in the Linux kernel before 4.8. local low complexity linux netapp opensuse CWE-863	5.5