15.1

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-09	CVE-2018-18074	Insufficiently Protected Credentials vulnerability in multiple products The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. network low complexity python canonical opensuse redhat CWE-522	5.0
2018-09-25	CVE-2018-14647	Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. network low complexity python canonical debian fedoraproject opensuse redhat CWE-909	7.5
2018-09-18	CVE-2018-1000802	Command Injection vulnerability in multiple products Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. network low complexity python debian canonical opensuse CWE-77 critical	9.8
2018-09-04	CVE-2018-10930	Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_rename_req in glusterfs server. network low complexity gluster redhat debian opensuse CWE-20	4.0
2018-09-04	CVE-2018-10929	Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs2_create_req in glusterfs server. network low complexity debian redhat gluster opensuse CWE-20	6.5
2018-09-04	CVE-2018-10928	Link Following vulnerability in multiple products A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. network low complexity debian redhat gluster opensuse CWE-59	6.5
2018-09-04	CVE-2018-10927	Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. network low complexity debian redhat gluster opensuse CWE-20	5.5
2018-09-04	CVE-2018-10926	Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. network low complexity redhat debian gluster opensuse CWE-20	6.5
2018-09-04	CVE-2018-10923	Improper Input Validation vulnerability in multiple products It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. network low complexity gluster redhat debian opensuse CWE-20	5.5
2018-09-04	CVE-2018-10914	NULL Pointer Dereference vulnerability in multiple products It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. network low complexity gluster redhat debian opensuse CWE-476	4.0