10.0

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-06	CVE-2018-16472	Improper Input Validation vulnerability in multiple products A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. network low complexity cached-path-relative-project debian CWE-20	7.5
2018-11-02	CVE-2018-18897	Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. network low complexity freedesktop debian canonical redhat CWE-772	6.5
2018-10-24	CVE-2016-10729	Command Injection vulnerability in multiple products An issue was discovered in Amanda 3.3.1. local low complexity zmanda redhat debian CWE-77	7.8
2018-09-28	CVE-2018-17581	Resource Exhaustion vulnerability in multiple products CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. network low complexity exiv2 debian canonical redhat CWE-400	6.5
2018-09-12	CVE-2018-16981	Out-of-bounds Write vulnerability in multiple products stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. network low complexity nothings debian CWE-787	8.8
2018-08-28	CVE-2017-15399	Use After Free vulnerability in multiple products A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian redhat CWE-416	8.8
2018-08-28	CVE-2017-15398	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. network low complexity google redhat debian CWE-119 critical	9.8
2018-08-28	CVE-2017-15396	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google redhat debian icu-project CWE-119	6.5
2018-07-27	CVE-2017-7519	Use of Externally-Controlled Format String vulnerability in multiple products In Ceph, a format string flaw was found in the way libradosstriper parses input from user. local low complexity ceph debian CWE-134	4.4
2018-07-27	CVE-2017-2666	HTTP Request Smuggling vulnerability in multiple products It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. network low complexity redhat debian CWE-444	6.5