15.0

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-14	CVE-2018-16874	Improper Input Validation vulnerability in multiple products In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). network high complexity golang opensuse suse debian CWE-20	8.1
2018-12-14	CVE-2018-16873	Improper Input Validation vulnerability in multiple products In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. network high complexity golang opensuse suse debian CWE-20	8.1
2018-12-11	CVE-2018-18356	Use After Free vulnerability in multiple products An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian canonical redhat opensuse CWE-416	8.8
2018-12-11	CVE-2018-18335	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google redhat debian opensuse CWE-787	8.8
2018-12-05	CVE-2018-19865	Information Exposure Through Log Files vulnerability in multiple products A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. network low complexity qt opensuse CWE-532	5.0
2018-12-04	CVE-2018-19841	Out-of-bounds Read vulnerability in multiple products The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. local low complexity wavpack canonical fedoraproject opensuse debian CWE-125	5.5
2018-12-04	CVE-2018-19840	Infinite Loop vulnerability in multiple products The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. local low complexity wavpack canonical fedoraproject opensuse CWE-835	5.5
2018-11-26	CVE-2018-19542	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in JasPer 2.0.14. network jasper-project canonical suse debian opensuse CWE-476	4.3
2018-11-26	CVE-2018-19539	Reachable Assertion vulnerability in multiple products An issue was discovered in JasPer 2.0.14. network jasper-project suse debian opensuse CWE-617	4.3
2018-11-23	CVE-2018-19492	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in cairo.trm in Gnuplot 5.2.5. network gnuplot debian opensuse CWE-119	6.8