High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-25	CVE-2018-6033	Improper Input Validation vulnerability in multiple products Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. network low complexity google redhat debian CWE-20	8.8
2018-09-25	CVE-2018-6031	Use After Free vulnerability in multiple products Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. network low complexity google redhat debian CWE-416	8.8
2018-09-25	CVE-2018-14647	Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. network low complexity python canonical debian fedoraproject opensuse redhat CWE-909	7.5
2018-09-25	CVE-2018-14633	A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. network high complexity linux debian canonical redhat	7.0
2018-09-24	CVE-2018-17281	Resource Exhaustion vulnerability in multiple products There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. network low complexity digium debian CWE-400	7.5
2018-09-23	CVE-2018-17407	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. local low complexity tug canonical debian CWE-119	7.8
2018-09-19	CVE-2018-17183	Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. local low complexity debian canonical artifex redhat	7.8
2018-09-19	CVE-2018-17182	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 4.18.8. local low complexity linux canonical debian netapp CWE-416	7.8
2018-09-18	CVE-2018-16515	Improper Verification of Cryptographic Signature vulnerability in multiple products Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. network low complexity matrix debian CWE-347	8.8
2018-09-18	CVE-2018-13982	Path Traversal vulnerability in multiple products Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. network low complexity smarty debian CWE-22	7.5