| 2018-10-18 | CVE-2018-12374 | Information Exposure vulnerability in multiple products
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. | 4.3 |
| 2018-10-18 | CVE-2018-12373 | Information Exposure vulnerability in multiple products
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. | 6.5 |
| 2018-10-18 | CVE-2018-12372 | Information Exposure vulnerability in multiple products
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. | 6.5 |
| 2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. | 5.9 |
| 2018-09-10 | CVE-2016-7056 | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | 5.5 |
| 2018-09-05 | CVE-2018-16542 | Out-of-bounds Write vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. | 5.5 |
| 2018-09-04 | CVE-2018-10930 | A flaw was found in RPC request using gfs3_rename_req in glusterfs server. | 6.5 |
| 2018-08-20 | CVE-2015-5160 | Information Exposure vulnerability in multiple products
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | 5.5 |
| 2018-07-30 | CVE-2018-10883 | A flaw was found in the Linux kernel's ext4 filesystem. | 5.5 |
| 2018-07-27 | CVE-2017-2618 | A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. | 5.5 |