High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-29	CVE-2018-8787	Integer Overflow or Wraparound vulnerability in multiple products FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. network low complexity freerdp canonical debian CWE-190	7.5
2018-11-29	CVE-2018-8785	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. network low complexity freerdp canonical CWE-119	7.5
2018-11-29	CVE-2018-8784	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. network low complexity freerdp canonical CWE-119	7.5
2018-11-25	CVE-2018-19518	Argument Injection or Modification vulnerability in multiple products University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. network high complexity php debian uw-imap-project canonical CWE-88	7.5
2018-11-23	CVE-2018-19486	Untrusted Search Path vulnerability in Git-Scm GIT Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. network low complexity git-scm linux canonical CWE-426	7.5
2018-11-23	CVE-2018-19477	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19476	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19475	psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. local low complexity artifex debian canonical redhat	7.8
2018-11-16	CVE-2018-16395	An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. network low complexity ruby-lang canonical debian redhat	7.5
2018-11-14	CVE-2018-17466	Out-of-bounds Read vulnerability in multiple products Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google redhat debian canonical CWE-125	8.8