High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-19	CVE-2017-7481	Improper Input Validation vulnerability in multiple products Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. network low complexity redhat canonical debian CWE-20	7.5
2018-07-19	CVE-2017-2673	Incorrect Authorization vulnerability in Redhat Openstack 10/9 An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). network low complexity redhat CWE-863	7.2
2018-07-17	CVE-2018-14362	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. network low complexity mutt neomutt canonical debian redhat CWE-119	7.5
2018-07-17	CVE-2018-14357	OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. network low complexity mutt neomutt canonical debian redhat CWE-78	7.5
2018-07-17	CVE-2018-14354	OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. network low complexity mutt neomutt canonical debian redhat CWE-78	7.5
2018-07-06	CVE-2018-13405	Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. local low complexity linux debian canonical fedoraproject redhat f5 CWE-269	7.8
2018-07-02	CVE-2018-8039	Improper Handling of Exceptional Conditions vulnerability in multiple products It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. network high complexity apache redhat CWE-755	8.1
2018-07-02	CVE-2018-10874	Untrusted Search Path vulnerability in Redhat products In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. local low complexity redhat CWE-426	7.8
2018-06-26	CVE-2018-1000544	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. network low complexity rubyzip-project debian redhat CWE-434	7.5
2018-06-22	CVE-2017-7466	Improper Input Validation vulnerability in Redhat Ansible Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. network redhat CWE-20	8.5