15.1

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-04	CVE-2018-10913	Information Exposure Through an Error Message vulnerability in multiple products An information disclosure vulnerability was discovered in glusterfs server. network low complexity gluster redhat debian opensuse CWE-209	4.0
2018-09-04	CVE-2018-10911	Deserialization of Untrusted Data vulnerability in multiple products A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. network low complexity gluster redhat debian opensuse CWE-502	5.0
2018-09-04	CVE-2018-10907	Stack-based Buffer Overflow vulnerability in multiple products It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. network low complexity gluster redhat debian opensuse CWE-121	6.5
2018-09-04	CVE-2018-10904	Untrusted Search Path vulnerability in multiple products It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. network low complexity gluster redhat debian opensuse CWE-426	6.5
2018-09-03	CVE-2018-16402	Double Free vulnerability in multiple products libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. network low complexity elfutils-project debian redhat opensuse canonical CWE-415 critical	9.8
2018-08-29	CVE-2018-16062	Out-of-bounds Read vulnerability in multiple products dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. local low complexity elfutils-project debian opensuse canonical redhat CWE-125	5.5
2018-07-09	CVE-2018-1000613	Unsafe Reflection vulnerability in multiple products Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. network low complexity bouncycastle netapp opensuse oracle CWE-470 critical	9.8
2018-07-06	CVE-2018-10892	Execution with Unnecessary Privileges vulnerability in multiple products The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. network low complexity docker mobyproject redhat opensuse CWE-250	5.3
2018-05-23	CVE-2018-1125	Out-of-bounds Write vulnerability in multiple products procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. network low complexity procps-ng-project canonical debian opensuse CWE-787	5.0
2018-05-23	CVE-2018-1124	Integer Overflow or Wraparound vulnerability in multiple products procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. local low complexity procps-ng-project canonical debian redhat schneider-electric opensuse CWE-190	4.6