High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-20	CVE-2018-1000878	Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-416	8.8
2018-12-14	CVE-2018-16875	Improper Certificate Validation vulnerability in multiple products The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. network low complexity golang opensuse CWE-295	7.5
2018-12-14	CVE-2018-16874	In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). network high complexity golang opensuse suse debian	8.1
2018-12-14	CVE-2018-16873	In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. network high complexity golang opensuse suse debian	8.1
2018-12-11	CVE-2018-18356	Use After Free vulnerability in multiple products An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian canonical redhat opensuse CWE-416	8.8
2018-12-11	CVE-2018-18335	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google redhat debian opensuse CWE-787	8.8
2018-12-05	CVE-2018-19865	Information Exposure Through Log Files vulnerability in multiple products A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. network low complexity qt opensuse CWE-532	7.5
2018-11-23	CVE-2018-19492	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in cairo.trm in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-119	7.8
2018-11-23	CVE-2018-19491	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in post.trm in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-119	7.8
2018-11-23	CVE-2018-19490	Out-of-bounds Write vulnerability in multiple products An issue was discovered in datafile.c in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-787	7.8