High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-09	CVE-2017-15131	It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. local low complexity freedesktop redhat	7.8
2018-01-08	CVE-2013-4364	Link Following vulnerability in Redhat Openshift 1.0/2.0 (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. local low complexity redhat CWE-59	7.8
2017-12-29	CVE-2014-8119	Improper Input Validation vulnerability in multiple products The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. network low complexity redhat fedoraproject netcf-project CWE-20	7.5
2017-12-29	CVE-2014-0120	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." network low complexity hawt redhat CWE-352	8.8
2017-12-18	CVE-2017-15104	An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. local low complexity heketi-project redhat	7.8
2017-12-18	CVE-2017-15103	A security-check flaw was found in the way the Heketi 5 server API handled user requests. network low complexity heketi-project redhat	8.8
2017-12-18	CVE-2017-16997	Untrusted Search Path vulnerability in multiple products elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. local low complexity gnu redhat CWE-426	7.8
2017-12-15	CVE-2017-17405	OS Command Injection vulnerability in multiple products Ruby before 2.4.3 allows Net::FTP command injection. network low complexity ruby-lang debian redhat CWE-78	8.8
2017-12-11	CVE-2017-1000407	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. low complexity redhat linux debian canonical CWE-754	7.4
2017-12-07	CVE-2017-1000410	Information Exposure vulnerability in multiple products The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. network low complexity linux debian redhat CWE-200	7.5