Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-26	CVE-2017-7562	Improper Certificate Validation vulnerability in multiple products An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. network low complexity redhat mit CWE-295	6.5
2018-07-25	CVE-2018-1002200	Path Traversal vulnerability in multiple products plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. local low complexity codehaus-plexus redhat debian CWE-22	5.5
2018-07-25	CVE-2018-10880	Out-of-bounds Write vulnerability in multiple products Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). local low complexity debian linux redhat canonical CWE-787	5.5
2018-07-18	CVE-2018-10877	Out-of-bounds Read vulnerability in multiple products Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. local low complexity canonical linux debian redhat CWE-125	6.5
2018-07-16	CVE-2018-10840	Heap-based Buffer Overflow vulnerability in multiple products Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. low complexity linux canonical redhat CWE-122	6.6
2018-07-10	CVE-2018-3693	Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. local intel arm oracle schneider-electric netapp redhat fujitsu	4.7
2018-07-10	CVE-2018-10872	Execution with Unnecessary Privileges vulnerability in Redhat products A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. local low complexity redhat CWE-250	5.5
2018-07-10	CVE-2018-1128	Improper Authentication vulnerability in multiple products It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. redhat debian opensuse CWE-287	5.4
2018-07-06	CVE-2018-10892	Execution with Unnecessary Privileges vulnerability in multiple products The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. network low complexity docker mobyproject redhat opensuse CWE-250	5.3
2018-07-03	CVE-2018-1113	Incorrect Permission Assignment for Critical Resource vulnerability in Redhat products setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. local low complexity redhat fedoraproject CWE-732	4.6