Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-15	CVE-2018-18073	Information Exposure vulnerability in multiple products Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. local low complexity artifex debian canonical redhat CWE-200	6.3
2018-10-08	CVE-2018-1000805	Incorrect Authorization vulnerability in multiple products Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. network low complexity paramiko redhat debian canonical CWE-863	6.5
2018-10-04	CVE-2018-11784	Open Redirect vulnerability in multiple products When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. network low complexity apache debian canonical netapp redhat oracle CWE-601	4.3
2018-10-03	CVE-2018-17972	Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. local low complexity linux canonical redhat debian CWE-362	5.5
2018-09-27	CVE-2018-14650	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. local low complexity sos-collector-project redhat CWE-732	5.0
2018-09-14	CVE-2018-14638	Double Free vulnerability in multiple products A flaw was found in 389-ds-base before version 1.3.8.4-13. network low complexity fedoraproject redhat CWE-415	5.0
2018-09-05	CVE-2018-16542	Out-of-bounds Write vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. local low complexity artifex redhat debian canonical CWE-787	5.5
2018-09-05	CVE-2018-16541	Use After Free vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. local low complexity artifex canonical debian redhat CWE-416	5.5
2018-09-05	CVE-2018-16539	Information Exposure vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. local low complexity artifex canonical debian redhat CWE-200	5.5
2018-08-17	CVE-2018-10873	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. network low complexity spice-project debian canonical redhat CWE-20	6.5