High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-19	CVE-2018-20021	Infinite Loop vulnerability in multiple products LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. network low complexity libvnc-project canonical debian CWE-835	7.8
2018-12-19	CVE-2018-20020	Out-of-bounds Write vulnerability in multiple products LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution network low complexity libvnc-project canonical debian CWE-787	7.5
2018-12-19	CVE-2018-20019	Out-of-bounds Write vulnerability in multiple products LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution network low complexity libvnc-project canonical debian siemens CWE-787	7.5
2018-12-19	CVE-2018-15127	Out-of-bounds Write vulnerability in multiple products LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution network low complexity libvnc-project canonical redhat debian CWE-787	7.5
2018-12-19	CVE-2018-15126	Use After Free vulnerability in multiple products LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution network low complexity libvnc-project canonical debian CWE-416	7.5
2018-12-18	CVE-2018-16884	Use After Free vulnerability in multiple products A flaw was found in the Linux kernel's NFS41+ subsystem. low complexity linux redhat debian canonical CWE-416	8.0
2018-12-14	CVE-2018-20148	Deserialization of Untrusted Data vulnerability in Wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. network low complexity wordpress debian CWE-502	7.5
2018-12-14	CVE-2018-16874	Improper Input Validation vulnerability in multiple products In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). network high complexity golang opensuse suse debian CWE-20	8.1
2018-12-14	CVE-2018-16873	Improper Input Validation vulnerability in multiple products In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. network high complexity golang opensuse suse debian CWE-20	8.1
2018-12-11	CVE-2018-18359	Out-of-bounds Read vulnerability in multiple products Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google redhat debian CWE-125	8.8