High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-25	CVE-2018-14634	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. local low complexity linux redhat canonical netapp CWE-190	7.8
2018-09-25	CVE-2018-14647	Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. network low complexity python canonical debian fedoraproject opensuse redhat CWE-909	7.5
2018-09-25	CVE-2018-14633	Stack-based Buffer Overflow vulnerability in multiple products A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. network high complexity linux debian canonical redhat CWE-121	7.0
2018-09-21	CVE-2018-14645	Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. network low complexity haproxy canonical redhat CWE-125	7.5
2018-09-19	CVE-2018-17183	Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. local low complexity debian canonical artifex redhat	7.8
2018-09-19	CVE-2018-17182	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 4.18.8. local low complexity linux canonical debian netapp CWE-416	7.8
2018-09-17	CVE-2018-11781	Code Injection vulnerability in multiple products Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. local low complexity apache redhat debian canonical CWE-94	7.8
2018-09-10	CVE-2018-16802	An issue was discovered in Artifex Ghostscript before 9.25. local low complexity artifex debian canonical redhat	7.8
2018-09-10	CVE-2018-14625	Use After Free vulnerability in multiple products A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. local high complexity linux canonical debian CWE-416	7.0
2018-09-07	CVE-2018-0643	OS Command Injection vulnerability in multiple products Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. canonical orcamo CWE-78	7.4