High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-06	CVE-2018-17456	Argument Injection or Modification vulnerability in multiple products Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. network low complexity git-scm redhat canonical debian CWE-88	7.5
2018-10-03	CVE-2018-17540	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. network low complexity strongswan debian canonical CWE-119	7.5
2018-09-28	CVE-2018-14648	Resource Exhaustion vulnerability in multiple products A flaw was found in 389 Directory Server. network low complexity fedoraproject debian redhat CWE-400	7.8
2018-09-26	CVE-2018-16152	Improper Verification of Cryptographic Signature vulnerability in multiple products In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. network low complexity strongswan debian canonical CWE-347	7.5
2018-09-26	CVE-2018-16151	Improper Verification of Cryptographic Signature vulnerability in multiple products In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. network low complexity strongswan debian canonical CWE-347	7.5
2018-09-25	CVE-2018-6054	Use After Free vulnerability in multiple products Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. network low complexity google redhat debian CWE-416	8.8
2018-09-25	CVE-2018-6043	Improper Input Validation vulnerability in multiple products Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page. network low complexity google debian redhat CWE-20	8.8
2018-09-25	CVE-2018-6035	Information Exposure vulnerability in multiple products Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. network low complexity google debian redhat CWE-200	8.8
2018-09-25	CVE-2018-6034	Out-of-bounds Read vulnerability in multiple products Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google debian redhat CWE-125	8.1
2018-09-25	CVE-2018-6033	Improper Input Validation vulnerability in multiple products Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. network low complexity google redhat debian CWE-20	8.8