High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-20	CVE-2018-17246	Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. network low complexity elastic redhat CWE-829	7.5
2018-12-20	CVE-2018-1000878	Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-416	8.8
2018-12-20	CVE-2018-1000877	Double Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. network low complexity libarchive debian canonical redhat fedoraproject CWE-415	8.8
2018-12-20	CVE-2018-1000876	Integer Overflow or Wraparound vulnerability in multiple products binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. local low complexity gnu canonical redhat CWE-190	7.8
2018-12-19	CVE-2018-15127	Out-of-bounds Write vulnerability in multiple products LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution network low complexity libvnc-project canonical redhat debian CWE-787	7.5
2018-12-18	CVE-2018-16884	Use After Free vulnerability in multiple products A flaw was found in the Linux kernel's NFS41+ subsystem. low complexity linux redhat debian canonical CWE-416	8.0
2018-12-12	CVE-2018-20103	Infinite Loop vulnerability in multiple products An issue was discovered in dns.c in HAProxy through 1.8.14. network low complexity haproxy canonical redhat CWE-835	7.5
2018-12-12	CVE-2018-20102	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. network low complexity haproxy canonical redhat CWE-125	7.5
2018-12-11	CVE-2018-18359	Out-of-bounds Read vulnerability in multiple products Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. network low complexity google redhat debian CWE-125	8.8
2018-12-11	CVE-2018-18356	Use After Free vulnerability in multiple products An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian canonical redhat opensuse CWE-416	8.8