Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-25	CVE-2018-6040	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. network low complexity google debian redhat CWE-732	6.5
2018-09-25	CVE-2018-6039	Improper Input Validation vulnerability in multiple products Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. network low complexity google debian redhat CWE-20	6.1
2018-09-25	CVE-2018-6038	Out-of-bounds Read vulnerability in multiple products Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google debian redhat CWE-125	6.5
2018-09-25	CVE-2018-6037	Information Exposure vulnerability in multiple products Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. network low complexity google debian redhat CWE-200	6.5
2018-09-25	CVE-2018-6036	Improper Input Validation vulnerability in multiple products Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. network low complexity google debian redhat CWE-20	6.5
2018-09-25	CVE-2018-6032	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. network low complexity google redhat debian CWE-20	6.5
2018-09-17	CVE-2017-15705	Improper Input Validation vulnerability in multiple products A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. network low complexity apache redhat debian canonical CWE-20	5.3
2018-09-05	CVE-2018-16542	Out-of-bounds Write vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. local low complexity artifex redhat debian canonical CWE-787	5.5
2018-09-05	CVE-2018-16541	Use After Free vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. local low complexity artifex canonical debian redhat CWE-416	5.5
2018-09-05	CVE-2018-16539	Information Exposure vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. local low complexity artifex canonical debian redhat CWE-200	5.5