Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-22	CVE-2018-10844	Covert Timing Channel vulnerability in multiple products It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian CWE-385	5.9
2018-08-21	CVE-2018-15599	Information Exposure vulnerability in multiple products The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. network low complexity debian dropbear-ssh-project CWE-200	5.0
2018-08-20	CVE-2018-1000637	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. network nongnu debian CWE-119	6.8
2018-08-18	CVE-2018-15501	Out-of-bounds Read vulnerability in multiple products In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. network low complexity debian libgit2 CWE-125	5.0
2018-08-17	CVE-2018-15473	Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. network low complexity openbsd debian redhat canonical netapp oracle siemens CWE-362	5.3
2018-08-17	CVE-2018-15469	Resource Exhaustion vulnerability in multiple products An issue was discovered in Xen through 4.11.x. local low complexity xen debian CWE-400	4.9
2018-08-17	CVE-2018-10873	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. network low complexity spice-project debian canonical redhat CWE-20	6.5
2018-08-16	CVE-2018-14567	Infinite Loop vulnerability in multiple products libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. network xmlsoft canonical debian CWE-835	4.3
2018-08-10	CVE-2018-6553	The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. local low complexity cups canonical debian	4.6
2018-08-09	CVE-2018-10915	SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. network redhat canonical debian postgresql CWE-89	6.0