Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-01	CVE-2018-20650	Improper Input Validation vulnerability in multiple products A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. network low complexity freedesktop canonical debian redhat CWE-20	6.5
2018-11-26	CVE-2018-16862	Information Exposure vulnerability in multiple products A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). local low complexity linux redhat canonical debian CWE-200	5.5
2018-11-12	CVE-2018-19208	NULL Pointer Dereference vulnerability in multiple products In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. network low complexity libwpd-project redhat suse CWE-476	6.5
2018-11-02	CVE-2018-18897	Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. network low complexity freedesktop debian canonical redhat CWE-772	6.5
2018-10-23	CVE-2018-18584	Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. network low complexity libmspack-project cabextract-project debian redhat canonical suse starwindsoftware CWE-787	6.5
2018-10-19	CVE-2018-18438	Integer Overflow or Wraparound vulnerability in multiple products Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. local low complexity qemu redhat CWE-190	5.5
2018-10-18	CVE-2018-12374	Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. network low complexity mozilla redhat debian canonical CWE-200	4.3
2018-10-18	CVE-2018-12373	Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. network low complexity mozilla redhat debian canonical CWE-200	6.5
2018-10-18	CVE-2018-12372	Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. network low complexity mozilla redhat debian canonical CWE-200	6.5
2018-09-25	CVE-2018-11763	In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. network high complexity apache canonical redhat oracle netapp	5.9