High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-25	CVE-2018-19518	Argument Injection or Modification vulnerability in multiple products University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. network high complexity php debian uw-imap-project canonical CWE-88	7.5
2018-11-23	CVE-2018-19486	Untrusted Search Path vulnerability in Git-Scm GIT Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. network low complexity git-scm linux canonical CWE-426	7.5
2018-11-23	CVE-2018-19477	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19476	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19475	psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. local low complexity artifex debian canonical redhat	7.8
2018-11-16	CVE-2018-16395	An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. network low complexity ruby-lang canonical debian redhat	7.5
2018-11-14	CVE-2018-17466	Out-of-bounds Read vulnerability in multiple products Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google redhat debian canonical CWE-125	8.8
2018-11-07	CVE-2018-16844	Resource Exhaustion vulnerability in multiple products nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. network low complexity f5 debian canonical apple CWE-400	7.8
2018-11-07	CVE-2018-16843	Resource Exhaustion vulnerability in multiple products nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. network low complexity f5 debian canonical opensuse apple CWE-400	7.8
2018-11-06	CVE-2018-9516	Out-of-bounds Write vulnerability in multiple products In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. local low complexity google debian canonical CWE-787	7.2