High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-03	CVE-2018-16863	Incomplete Blacklist vulnerability in multiple products It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. local low complexity artifex redhat CWE-184	7.8
2018-11-23	CVE-2018-19477	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19476	Incorrect Type Conversion or Cast vulnerability in multiple products psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. local low complexity artifex debian canonical redhat CWE-704	7.8
2018-11-23	CVE-2018-19475	psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. local low complexity artifex debian canonical redhat	7.8
2018-11-14	CVE-2018-17466	Out-of-bounds Read vulnerability in multiple products Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google redhat debian canonical CWE-125	8.8
2018-11-08	CVE-2018-19115	Out-of-bounds Write vulnerability in multiple products keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. network low complexity keepalived debian redhat CWE-787	7.5
2018-10-25	CVE-2018-14665	Incorrect Authorization vulnerability in multiple products A flaw was found in xorg-x11-server before 1.20.3. local low complexity x-org redhat canonical debian CWE-863	7.2
2018-10-22	CVE-2018-18559	Use After Free vulnerability in multiple products In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. network high complexity linux redhat CWE-416	8.1
2018-10-19	CVE-2018-18284	Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. local low complexity artifex debian canonical redhat pulsesecure	8.6
2018-10-18	CVE-2018-12378	Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. network low complexity redhat debian canonical mozilla CWE-416	7.5