High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-17	CVE-2018-18445	Out-of-bounds Read vulnerability in multiple products In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. local low complexity linux canonical redhat CWE-125	7.8
2018-10-17	CVE-2018-3169	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). network high complexity oracle redhat debian canonical hp	8.3
2018-10-17	CVE-2018-3149	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). network high complexity oracle redhat debian canonical hp	8.3
2018-10-15	CVE-2018-17961	Information Exposure Through an Error Message vulnerability in multiple products Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. local low complexity artifex debian canonical redhat CWE-209	8.6
2018-10-09	CVE-2018-17962	Integer Overflow or Wraparound vulnerability in multiple products Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. network low complexity qemu suse debian canonical redhat oracle CWE-190	7.5
2018-10-09	CVE-2018-17958	Integer Overflow or Wraparound vulnerability in multiple products Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. network low complexity qemu canonical debian redhat CWE-190	7.5
2018-10-09	CVE-2018-18074	Insufficiently Protected Credentials vulnerability in multiple products The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. network low complexity python canonical opensuse redhat CWE-522	7.5
2018-10-08	CVE-2018-1000807	Use After Free vulnerability in multiple products Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. network high complexity pyopenssl canonical redhat CWE-416	8.1
2018-10-08	CVE-2018-1000805	Incorrect Authorization vulnerability in multiple products Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. network low complexity paramiko redhat debian canonical CWE-863	8.8
2018-09-28	CVE-2018-14648	Resource Exhaustion vulnerability in multiple products A flaw was found in 389 Directory Server. network low complexity fedoraproject redhat debian CWE-400	7.5