High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-23	CVE-2018-19491	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in post.trm in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-119	7.8
2018-11-23	CVE-2018-19490	Out-of-bounds Write vulnerability in multiple products An issue was discovered in datafile.c in Gnuplot 5.2.5. local low complexity gnuplot debian opensuse CWE-787	7.8
2018-11-07	CVE-2018-16843	nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. network low complexity f5 debian canonical opensuse apple	7.5
2018-11-07	CVE-2018-19052	Path Traversal vulnerability in multiple products An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. network low complexity lighttpd suse opensuse debian CWE-22	7.5
2018-10-12	CVE-2018-18225	Incorrect Calculation vulnerability in multiple products In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. network low complexity wireshark debian opensuse CWE-682	7.5
2018-10-09	CVE-2018-18074	Insufficiently Protected Credentials vulnerability in multiple products The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. network low complexity python canonical opensuse redhat CWE-522	7.5
2018-10-09	CVE-2018-12477	CRLF Injection vulnerability in Opensuse Leap 15.0/42.3 A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. network low complexity opensuse CWE-93	7.5
2018-09-25	CVE-2018-14647	Missing Initialization of Resource vulnerability in multiple products Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. network low complexity python canonical debian fedoraproject opensuse redhat CWE-909	7.5
2018-09-04	CVE-2018-10929	A flaw was found in RPC request using gfs2_create_req in glusterfs server. network low complexity redhat debian gluster opensuse	8.8
2018-09-04	CVE-2018-10928	A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. network low complexity redhat debian gluster opensuse	8.8