High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-29	CVE-2018-19623	Out-of-bounds Write vulnerability in multiple products In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. network low complexity wireshark debian CWE-787	7.5
2018-11-29	CVE-2018-19622	Infinite Loop vulnerability in multiple products In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. network low complexity wireshark debian CWE-835	7.5
2018-11-25	CVE-2018-19518	Argument Injection or Modification vulnerability in multiple products University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. network high complexity php debian uw-imap-project canonical CWE-88	7.5
2018-11-23	CVE-2018-19477	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19476	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19475	psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. local low complexity artifex debian canonical redhat	7.8
2018-11-17	CVE-2018-19274	Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. network low complexity phpbb debian	7.2
2018-11-16	CVE-2018-16395	An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. network low complexity ruby-lang canonical debian redhat	7.5
2018-11-16	CVE-2018-19296	PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. network low complexity phpmailer-project debian fedoraproject wordpress	8.8
2018-11-14	CVE-2018-6083	Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. network low complexity google redhat debian	8.8