High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-01	CVE-2018-17848	Improper Validation of Array Index vulnerability in multiple products The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. network low complexity golang fedoraproject CWE-129	7.5
2018-10-01	CVE-2018-17847	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (nodeStack).pop in node.go, called from (parser).clearActiveFormattingElements, during an html.Parse call. network low complexity golang fedoraproject CWE-119	7.5
2018-10-01	CVE-2018-17846	Infinite Loop vulnerability in multiple products The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. network low complexity golang fedoraproject CWE-835	7.5
2018-09-28	CVE-2018-14648	Resource Exhaustion vulnerability in multiple products A flaw was found in 389 Directory Server. network low complexity fedoraproject debian redhat CWE-400	7.8
2018-09-25	CVE-2018-14647	Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. network low complexity python canonical debian fedoraproject opensuse redhat CWE-909	7.5
2018-09-17	CVE-2018-17143	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. network low complexity golang fedoraproject CWE-119	7.5
2018-09-17	CVE-2018-17142	NULL Pointer Dereference vulnerability in multiple products The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. network low complexity golang fedoraproject CWE-476	7.5
2018-09-16	CVE-2018-17075	NULL Pointer Dereference vulnerability in multiple products The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. network low complexity golang fedoraproject CWE-476	7.5
2018-09-06	CVE-2018-14624	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. network low complexity fedoraproject redhat debian CWE-20	7.5
2018-08-24	CVE-2018-14598	Improper Input Validation vulnerability in multiple products An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. network low complexity x-org debian canonical fedoraproject CWE-20	7.5