High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-22	CVE-2017-2627	Path Traversal vulnerability in multiple products A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. local low complexity redhat openstack CWE-22	8.2
2018-08-22	CVE-2018-1139	Insufficiently Protected Credentials vulnerability in multiple products A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. network high complexity samba redhat canonical CWE-522	8.1
2018-08-22	CVE-2018-10884	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Ansible Tower Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. network low complexity redhat CWE-352	8.8
2018-08-21	CVE-2018-10902	It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. local low complexity debian canonical linux redhat	7.8
2018-08-21	CVE-2018-12115	Out-of-bounds Write vulnerability in multiple products In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. network low complexity nodejs redhat CWE-787	7.5
2018-08-20	CVE-2018-1517	Improper Input Validation vulnerability in multiple products A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. network low complexity ibm redhat CWE-20	7.5
2018-08-20	CVE-2018-1000632	XML Injection (aka Blind XPath Injection) vulnerability in multiple products dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. network low complexity dom4j-project debian oracle redhat netapp CWE-91	7.5
2018-08-17	CVE-2018-10873	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. network low complexity spice-project debian canonical redhat CWE-20	8.8
2018-08-09	CVE-2018-10915	SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. network high complexity redhat canonical debian postgresql CWE-89	7.5
2018-08-06	CVE-2018-5390	Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. network low complexity redhat linux canonical debian hp f5 a10networks cisco CWE-400	7.5