High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-31	CVE-2018-14651	Link Following vulnerability in multiple products It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. network low complexity debian redhat gluster CWE-59	8.8
2018-10-31	CVE-2016-6328	Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in libexif. network low complexity libexif-project debian canonical CWE-190	8.1
2018-10-31	CVE-2018-11759	Path Traversal vulnerability in multiple products The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. network low complexity apache debian redhat CWE-22	7.5
2018-10-31	CVE-2018-14653	Heap-based Buffer Overflow vulnerability in multiple products The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. network low complexity redhat debian CWE-122	8.8
2018-10-26	CVE-2018-15686	Deserialization of Untrusted Data vulnerability in multiple products A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. local low complexity debian canonical systemd-project oracle CWE-502	7.8
2018-10-26	CVE-2018-18654	Incorrect Permission Assignment for Critical Resource vulnerability in Debian Crossroads 2.81 Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. local low complexity debian CWE-732	7.2
2018-10-25	CVE-2018-14665	Incorrect Authorization vulnerability in multiple products A flaw was found in xorg-x11-server before 1.20.3. local low complexity x-org redhat canonical debian CWE-863	7.2
2018-10-24	CVE-2016-10729	Command Injection vulnerability in multiple products An issue was discovered in Amanda 3.3.1. local low complexity zmanda redhat debian CWE-77	7.2
2018-10-19	CVE-2018-18284	Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. local low complexity artifex debian canonical redhat pulsesecure	8.6
2018-10-19	CVE-2018-4013	Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. network low complexity live555 debian CWE-787	7.5