Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-15	CVE-2018-14662	It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. low complexity redhat debian opensuse canonical	5.7
2019-01-15	CVE-2018-16846	It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. network low complexity redhat debian opensuse canonical	6.5
2019-01-15	CVE-2019-3811	A vulnerability was found in sssd. low complexity fedoraproject debian opensuse redhat	5.2
2019-01-14	CVE-2018-16888	Improper Privilege Management vulnerability in multiple products It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. local high complexity systemd-project redhat canonical netapp CWE-269	4.7
2019-01-13	CVE-2018-16887	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) flaw was found in the katello component of Satellite. network low complexity redhat theforeman CWE-79	5.4
2019-01-12	CVE-2018-20699	Resource Exhaustion vulnerability in multiple products Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. network low complexity docker redhat CWE-400	4.9
2019-01-11	CVE-2019-6133	Race Condition vulnerability in multiple products In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. local high complexity polkit-project debian redhat canonical CWE-362	6.7
2019-01-10	CVE-2018-20685	Incorrect Authorization vulnerability in multiple products In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . network high complexity openbsd winscp netapp debian canonical redhat oracle fujitsu siemens CWE-863	5.3
2019-01-10	CVE-2017-1002152	Cross-site Scripting vulnerability in Redhat Bodhi Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. network low complexity redhat CWE-79	6.1
2019-01-09	CVE-2018-6179	Information Exposure vulnerability in multiple products Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. network low complexity google debian redhat CWE-200	6.5