High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-25	CVE-2018-14665	Incorrect Authorization vulnerability in multiple products A flaw was found in xorg-x11-server before 1.20.3. local low complexity x-org redhat canonical debian CWE-863	7.2
2018-10-19	CVE-2018-18284	Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. local low complexity artifex debian canonical redhat pulsesecure	8.6
2018-10-18	CVE-2018-5187	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60 and Firefox ESR 60. network low complexity debian canonical mozilla CWE-119	7.5
2018-10-18	CVE-2018-5186	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60. network low complexity mozilla canonical CWE-119	7.5
2018-10-18	CVE-2018-12378	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. network low complexity redhat debian canonical mozilla CWE-416	7.5
2018-10-18	CVE-2018-12377	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. network low complexity redhat debian canonical mozilla CWE-416	7.5
2018-10-18	CVE-2018-12376	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. network low complexity redhat debian canonical mozilla CWE-119	7.5
2018-10-18	CVE-2018-12369	Incorrect Authorization vulnerability in Mozilla Firefox and Firefox ESR WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. network low complexity mozilla canonical CWE-863	7.5
2018-10-18	CVE-2018-12364	Cross-Site Request Forgery (CSRF) vulnerability in multiple products NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. network low complexity redhat debian canonical mozilla CWE-352	8.8
2018-10-18	CVE-2018-12363	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. network low complexity redhat debian canonical mozilla CWE-416	8.8