High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-09	CVE-2018-16071	Use After Free vulnerability in multiple products A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. network low complexity google redhat CWE-416	8.8
2019-01-09	CVE-2018-16065	Use After Free vulnerability in multiple products A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. network low complexity google debian redhat CWE-416	8.8
2019-01-09	CVE-2016-9651	Code Injection vulnerability in multiple products A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. network low complexity google redhat CWE-94	8.8
2019-01-09	CVE-2019-0542	Code Injection vulnerability in multiple products A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. network low complexity xtermjs redhat CWE-94	8.8
2018-12-21	CVE-2018-20346	Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. network high complexity sqlite google redhat debian opensuse CWE-190	8.1
2018-12-20	CVE-2018-19134	Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. local low complexity artifex debian redhat CWE-704	7.8
2018-12-20	CVE-2018-1000878	Use After Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. network low complexity libarchive debian canonical redhat opensuse fedoraproject CWE-416	8.8
2018-12-20	CVE-2018-1000877	Double Free vulnerability in multiple products libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. network low complexity libarchive debian canonical redhat fedoraproject CWE-415	8.8
2018-12-20	CVE-2018-1000876	Integer Overflow or Wraparound vulnerability in multiple products binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. local low complexity gnu canonical redhat CWE-190	7.8
2018-12-18	CVE-2018-16884	A flaw was found in the Linux kernel's NFS41+ subsystem. low complexity linux redhat debian canonical	8.0