Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-08	CVE-2018-1000808	Improper Resource Shutdown or Release vulnerability in multiple products Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. network high complexity pyopenssl-project canonical redhat CWE-404	5.9
2018-10-04	CVE-2018-11784	Open Redirect vulnerability in multiple products When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. network low complexity apache debian canonical netapp redhat oracle CWE-601	4.3
2018-10-03	CVE-2018-17972	Race Condition vulnerability in multiple products An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. local low complexity linux canonical redhat debian CWE-362	5.5
2018-09-28	CVE-2018-17581	Resource Exhaustion vulnerability in multiple products CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. network low complexity exiv2 debian canonical redhat CWE-400	6.5
2018-09-27	CVE-2018-14650	It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. local low complexity sos-collector-project redhat	5.0
2018-09-25	CVE-2018-11763	In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. network high complexity apache canonical redhat oracle netapp	5.9
2018-09-25	CVE-2018-6052	Information Exposure vulnerability in multiple products Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. network low complexity google redhat debian CWE-200	4.3
2018-09-25	CVE-2018-6051	Cross-site Scripting vulnerability in multiple products XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. network low complexity google debian redhat CWE-79	4.3
2018-09-25	CVE-2018-6050	Improper Input Validation vulnerability in multiple products Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google debian redhat CWE-20	6.5
2018-09-25	CVE-2018-6049	Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. network low complexity google debian redhat	6.5