Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-28	CVE-2017-15415	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. network low complexity debian redhat google CWE-119	6.5
2018-08-27	CVE-2018-10938	Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. network high complexity linux canonical debian CWE-835	5.9
2018-08-22	CVE-2018-10919	Information Exposure vulnerability in multiple products The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. network low complexity canonical debian samba CWE-200	6.5
2018-08-22	CVE-2018-10846	A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. local high complexity gnu redhat canonical fedoraproject debian	5.6
2018-08-22	CVE-2018-10845	It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian	5.9
2018-08-22	CVE-2018-10844	It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian	5.9
2018-08-21	CVE-2018-15599	Information Exposure vulnerability in multiple products The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. network low complexity debian dropbear-ssh-project CWE-200	5.3
2018-08-20	CVE-2018-15594	Information Exposure vulnerability in multiple products arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. local low complexity debian canonical linux CWE-200	5.5
2018-08-20	CVE-2018-15572	The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. local low complexity debian canonical linux	6.5
2018-08-17	CVE-2018-15473	Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. network low complexity openbsd debian redhat canonical netapp oracle siemens CWE-362	5.3