High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-18	CVE-2018-12376	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. network low complexity redhat debian canonical mozilla CWE-119	7.5
2018-10-18	CVE-2018-12364	Cross-Site Request Forgery (CSRF) vulnerability in multiple products NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. network low complexity redhat debian canonical mozilla CWE-352	8.8
2018-10-18	CVE-2018-12363	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. network low complexity redhat debian canonical mozilla CWE-416	8.8
2018-10-18	CVE-2018-12362	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. network low complexity redhat debian canonical mozilla CWE-190	8.8
2018-10-18	CVE-2018-12360	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. network low complexity redhat debian canonical mozilla CWE-416	8.8
2018-10-15	CVE-2018-17961	Information Exposure Through an Error Message vulnerability in multiple products Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. local low complexity artifex debian canonical redhat CWE-209	8.6
2018-10-12	CVE-2018-18227	NULL Pointer Dereference vulnerability in multiple products In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. network low complexity wireshark debian CWE-476	7.5
2018-10-12	CVE-2018-18226	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. network low complexity wireshark debian CWE-772	7.5
2018-10-12	CVE-2018-18225	Incorrect Calculation vulnerability in multiple products In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. network low complexity wireshark debian opensuse CWE-682	7.5
2018-10-09	CVE-2018-17963	Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. network low complexity qemu debian canonical redhat CWE-190	7.5