High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-27	CVE-2018-15909	Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. local low complexity debian canonical artifex redhat pulsesecure CWE-704	7.8
2018-08-27	CVE-2018-15908	In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. local low complexity artifex debian canonical redhat	7.8
2018-08-27	CVE-2017-15139	Information Exposure vulnerability in multiple products A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. network low complexity openstack redhat CWE-200	7.5
2018-08-22	CVE-2018-10858	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. network low complexity debian canonical samba redhat CWE-119	8.8
2018-08-22	CVE-2017-2627	Path Traversal vulnerability in multiple products A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. local low complexity redhat openstack CWE-22	8.2
2018-08-22	CVE-2018-1139	Insufficiently Protected Credentials vulnerability in multiple products A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. network high complexity samba redhat canonical CWE-522	8.1
2018-08-22	CVE-2018-10884	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Ansible Tower Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. network low complexity redhat CWE-352	8.8
2018-08-21	CVE-2018-10902	It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. local low complexity debian canonical linux redhat	7.8
2018-08-21	CVE-2018-12115	Out-of-bounds Write vulnerability in multiple products In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. network low complexity nodejs redhat CWE-787	7.5
2018-08-20	CVE-2018-1517	Improper Input Validation vulnerability in multiple products A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. network low complexity ibm redhat CWE-20	7.5