Red Hat Enterprise Linux Desktop vulnerabilities: Medium risk

DATE CVE VULNERABILITY TITLE RISK

2018-09-04 CVE-2018-16435 Integer Overflow or Wraparound vulnerability in multiple products
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Risk: 4.3

2018-08-29 CVE-2018-12827 Out-of-bounds Read vulnerability in Adobe Flash Player
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability.
network, low complexity
adobe apple microsoft google linux redhat CWE-125
Risk: 5.0

2018-08-29 CVE-2018-12826 Out-of-bounds Read vulnerability in Adobe Flash Player
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability.
network, low complexity
adobe apple microsoft google linux redhat CWE-125
Risk: 5.0

2018-08-29 CVE-2018-12824 Out-of-bounds Read vulnerability in multiple products
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability.
Risk: 4.3

2018-08-29 CVE-2018-16062 Out-of-bounds Read vulnerability in multiple products
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
Risk: 5.5

2018-08-28 CVE-2017-15429 Cross-site Scripting vulnerability in multiple products
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
network, low complexity
google debian redhat CWE-79
Risk: 6.1

2018-08-28 CVE-2017-15396 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network, low complexity
google redhat debian icu-project CWE-119
Risk: 6.5

2018-08-28 CVE-2017-15427 Cross-site Scripting vulnerability in multiple products
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
network, low complexity
google redhat debian CWE-79
Risk: 6.1

2018-08-28 CVE-2017-15426 Improper Input Validation vulnerability in multiple products
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network, low complexity
google debian redhat CWE-20
Risk: 6.5

2018-08-28 CVE-2017-15425 Improper Input Validation vulnerability in multiple products
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network, low complexity
google redhat debian CWE-20
Risk: 6.5