High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-25	CVE-2018-19518	Argument Injection or Modification vulnerability in multiple products University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. network high complexity php debian uw-imap-project canonical CWE-88	7.5
2018-11-23	CVE-2018-19492	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in cairo.trm in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-119	7.8
2018-11-23	CVE-2018-19491	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in post.trm in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-119	7.8
2018-11-23	CVE-2018-19490	Out-of-bounds Write vulnerability in multiple products An issue was discovered in datafile.c in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-787	7.8
2018-11-23	CVE-2018-19477	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19476	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19475	psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. local low complexity artifex debian canonical redhat	7.8
2018-11-17	CVE-2018-19274	Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. network low complexity phpbb debian	7.2
2018-11-16	CVE-2018-16396	An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. network high complexity ruby-lang canonical debian redhat	8.1
2018-11-16	CVE-2018-19296	PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. network low complexity phpmailer-project debian fedoraproject wordpress	8.8