High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-26	CVE-2018-15686	Deserialization of Untrusted Data vulnerability in multiple products A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. local low complexity debian canonical systemd-project oracle CWE-502	7.8
2018-10-26	CVE-2018-18654	Incorrect Permission Assignment for Critical Resource vulnerability in Debian Crossroads 2.81 Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. local low complexity debian CWE-732	7.2
2018-10-25	CVE-2018-14665	Incorrect Authorization vulnerability in multiple products A flaw was found in xorg-x11-server before 1.20.3. local low complexity x-org redhat canonical debian CWE-863	7.2
2018-10-24	CVE-2016-10729	Command Injection vulnerability in multiple products An issue was discovered in Amanda 3.3.1. local low complexity zmanda redhat debian CWE-77	7.2
2018-10-19	CVE-2018-18284	Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. local low complexity artifex debian canonical redhat pulsesecure	8.6
2018-10-19	CVE-2018-4013	Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. network low complexity live555 debian CWE-787	7.5
2018-10-18	CVE-2018-15756	Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. network low complexity vmware oracle debian	7.5
2018-10-18	CVE-2018-5187	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60 and Firefox ESR 60. network low complexity debian canonical mozilla CWE-119	7.5
2018-10-18	CVE-2018-12378	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. network low complexity redhat debian canonical mozilla CWE-416	7.5
2018-10-18	CVE-2018-12377	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. network low complexity redhat debian canonical mozilla CWE-416	7.5