Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-26	CVE-2018-16862	Information Exposure vulnerability in multiple products A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). local low complexity linux redhat canonical debian CWE-200	5.5
2018-11-26	CVE-2018-19542	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in JasPer 2.0.14. network low complexity jasper-project canonical suse debian opensuse CWE-476	6.5
2018-11-26	CVE-2018-19539	Reachable Assertion vulnerability in multiple products An issue was discovered in JasPer 2.0.14. network low complexity jasper-project suse debian opensuse CWE-617	6.5
2018-11-26	CVE-2018-19535	Out-of-bounds Read vulnerability in multiple products In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. network low complexity exiv2 debian redhat canonical CWE-125	6.5
2018-11-22	CVE-2018-19432	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in libsndfile 1.0.28. network low complexity libsndfile-project debian CWE-476	6.5
2018-11-15	CVE-2018-5407	Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. local high complexity canonical debian nodejs openssl tenable oracle redhat CWE-203	4.7
2018-11-14	CVE-2018-6082	Information Exposure vulnerability in multiple products Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. network low complexity google redhat debian CWE-200	4.7
2018-11-14	CVE-2018-6081	Cross-site Scripting vulnerability in multiple products XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. network low complexity google redhat debian CWE-79	6.1
2018-11-14	CVE-2018-6080	Improper Privilege Management vulnerability in multiple products Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . network low complexity google redhat debian CWE-269	6.5
2018-11-14	CVE-2018-6079	Information Exposure vulnerability in multiple products Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google redhat debian CWE-200	6.5