High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-27	CVE-2018-15910	Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. local low complexity debian canonical artifex redhat pulsesecure CWE-704	7.8
2018-08-27	CVE-2018-15909	Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. local low complexity debian canonical artifex redhat pulsesecure CWE-704	7.8
2018-08-27	CVE-2018-15908	In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. local low complexity artifex debian canonical redhat	7.8
2018-08-27	CVE-2017-15139	Information Exposure vulnerability in multiple products A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. network low complexity openstack redhat CWE-200	7.5
2018-08-22	CVE-2017-2627	Path Traversal vulnerability in multiple products A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. local low complexity redhat openstack CWE-22	7.2
2018-08-21	CVE-2018-10902	Use After Free vulnerability in multiple products It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. local low complexity debian canonical linux redhat CWE-416	7.8
2018-08-20	CVE-2018-1000632	XML Injection (aka Blind XPath Injection) vulnerability in multiple products dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. network low complexity dom4j-project debian oracle redhat netapp CWE-91	7.5
2018-08-09	CVE-2018-10908	Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. network ovirt redhat CWE-770	7.1
2018-08-06	CVE-2018-5390	Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. network low complexity redhat linux canonical debian hp hpe f5 a10networks cisco CWE-400	7.5
2018-08-02	CVE-2018-1336	Infinite Loop vulnerability in multiple products An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. network low complexity apache redhat debian canonical CWE-835	7.5