High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-24	CVE-2018-14598	Improper Input Validation vulnerability in multiple products An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. network low complexity x-org debian canonical fedoraproject CWE-20	7.5
2018-08-14	CVE-2018-14348	Information Exposure vulnerability in multiple products libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. network low complexity libcgroup-project debian fedoraproject CWE-200	8.1
2018-07-27	CVE-2017-12173	Improper Input Validation vulnerability in multiple products It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. network low complexity redhat fedoraproject CWE-20	8.8
2018-07-18	CVE-2018-10871	Cleartext Storage of Sensitive Information vulnerability in multiple products 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. network low complexity fedoraproject debian CWE-312	7.2
2018-07-06	CVE-2018-13405	Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. local low complexity linux debian canonical fedoraproject redhat f5 CWE-269	7.8
2018-06-26	CVE-2018-10852	Information Exposure vulnerability in multiple products The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. network low complexity debian fedoraproject redhat CWE-200	7.5
2018-06-19	CVE-2018-10811	Missing Initialization of Resource vulnerability in multiple products strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. network low complexity strongswan debian canonical fedoraproject CWE-909	7.5
2018-06-19	CVE-2018-1061	python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. network low complexity python debian redhat canonical fedoraproject	7.5
2018-06-18	CVE-2018-1090	Information Exposure vulnerability in multiple products In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. network low complexity pulpproject fedoraproject redhat CWE-200	7.5
2018-06-18	CVE-2018-1060	python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. network low complexity python fedoraproject canonical redhat debian	7.5