Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-09	CVE-2018-17958	Integer Overflow or Wraparound vulnerability in multiple products Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. network low complexity qemu canonical debian redhat CWE-190	5.0
2018-10-09	CVE-2018-18074	Insufficiently Protected Credentials vulnerability in multiple products The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. network low complexity python canonical opensuse redhat CWE-522	5.0
2018-10-08	CVE-2018-18065	NULL Pointer Dereference vulnerability in multiple products _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. network low complexity net-snmp debian canonical netapp paloaltonetworks CWE-476	4.0
2018-10-08	CVE-2018-1000808	Improper Resource Shutdown or Release vulnerability in multiple products Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. network pyopenssl-project canonical redhat CWE-404	4.3
2018-10-08	CVE-2018-1000805	Incorrect Authorization vulnerability in multiple products Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. network low complexity paramiko redhat debian canonical CWE-863	6.5
2018-10-04	CVE-2018-11784	Open Redirect vulnerability in multiple products When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. network low complexity apache debian canonical netapp redhat oracle CWE-601	4.3
2018-10-03	CVE-2018-17972	Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. local low complexity linux canonical redhat debian CWE-362	5.5
2018-09-28	CVE-2018-17581	Resource Exhaustion vulnerability in multiple products CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. network low complexity exiv2 debian canonical redhat CWE-400	6.5
2018-09-25	CVE-2018-11763	In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. network high complexity apache canonical redhat oracle netapp	5.9
2018-09-23	CVE-2018-17407	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. network tug canonical debian CWE-119	6.8