Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-28	CVE-2017-15417	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network high complexity google redhat debian CWE-119	5.3
2018-08-28	CVE-2017-15416	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. network low complexity redhat debian google CWE-119	6.5
2018-08-28	CVE-2017-15415	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. network low complexity debian redhat google CWE-119	6.5
2018-08-22	CVE-2017-2635	NULL Pointer Dereference vulnerability in Redhat Libvirt 2.5.0/3.0.0 A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. network low complexity redhat CWE-476	6.5
2018-08-22	CVE-2017-7528	CRLF Injection vulnerability in Redhat Ansible Tower and Cloudforms Management Engine Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. low complexity redhat CWE-93	6.5
2018-08-22	CVE-2017-7513	Improper Certificate Validation vulnerability in Redhat Satellite It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. network low complexity redhat CWE-295	5.4
2018-08-22	CVE-2018-10846	Covert Timing Channel vulnerability in multiple products A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. local high complexity gnu redhat canonical fedoraproject debian CWE-385	5.6
2018-08-22	CVE-2018-10845	Covert Timing Channel vulnerability in multiple products It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian CWE-385	5.9
2018-08-22	CVE-2018-10844	It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian	5.9
2018-08-20	CVE-2018-1656	Path Traversal vulnerability in multiple products The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. network low complexity ibm redhat oracle CWE-22	6.5