Vulnerabilities > Redhat > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-25 CVE-2018-14647 Missing Initialization of Resource vulnerability in multiple products
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization.
7.5
2018-09-25 CVE-2018-14633 Stack-based Buffer Overflow vulnerability in multiple products
A security flaw was found in the way the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel processes an authentication request from an iSCSI initiator.
network
high complexity
linux debian canonical redhat CWE-121
7.0
2018-09-21 CVE-2018-14645 Out-of-bounds Read vulnerability in multiple products
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2.
network
low complexity
haproxy canonical redhat CWE-125
7.5
2018-09-19 CVE-2018-17183 Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
local
low complexity
debian canonical artifex redhat
7.8
2018-09-17 CVE-2018-11781 Code Injection vulnerability in multiple products
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
local
low complexity
apache redhat debian canonical CWE-94
7.8
2018-09-11 CVE-2016-7066 Permission Issues vulnerability in Red Hat JBoss Enterprise Application Platform
It was found that improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations.
local
low complexity
redhat CWE-275
7.8
2018-09-10 CVE-2018-14620 Improper Input Validation vulnerability in Red Hat OpenStack 12/13
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage.
network
low complexity
redhat CWE-20
7.5
2018-09-10 CVE-2018-16802 An issue was discovered in Artifex Ghostscript before 9.25.
local
low complexity
artifex debian canonical redhat
7.8
2018-09-10 CVE-2016-7035 Improper Authorization vulnerability in multiple products
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface.
local
low complexity
clusterlabs redhat CWE-285
7.8
2018-09-10 CVE-2016-7071 Improper Authorization vulnerability in Red Hat CloudForms and CloudForms Management Engine
It was found that CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permission controls to VM IDs passed by users.
network
low complexity
redhat CWE-285
8.8