Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-11-01	CVE-2018-14660	Resource Exhaustion vulnerability in multiple products A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. network low complexity gluster redhat debian CWE-400	6.5
2018-10-31	CVE-2018-14661	Improper Input Validation vulnerability in multiple products It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. network low complexity gluster debian redhat CWE-20	6.5
2018-10-31	CVE-2018-14659	Resource Exhaustion vulnerability in multiple products The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. network low complexity redhat debian CWE-400	6.5
2018-10-31	CVE-2018-14654	Path Traversal vulnerability in multiple products The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. network low complexity redhat debian CWE-22	6.5
2018-10-09	CVE-2018-17958	Integer Overflow or Wraparound vulnerability in multiple products Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. network low complexity qemu canonical debian redhat CWE-190	5.0
2018-09-11	CVE-2018-1114	Resource Exhaustion vulnerability in Redhat Undertow, Virtualization and Virtualization Host It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. network low complexity redhat CWE-400	4.0
2018-09-04	CVE-2018-10930	Improper Input Validation vulnerability in multiple products A flaw was found in RPC request using gfs3_rename_req in glusterfs server. network low complexity gluster redhat debian opensuse CWE-20	4.0
2018-08-22	CVE-2018-10858	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. network low complexity debian canonical samba redhat CWE-119	6.5
2018-08-17	CVE-2018-10873	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. network low complexity spice-project debian canonical redhat CWE-20	6.5
2018-08-09	CVE-2018-10915	SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. network redhat canonical debian postgresql CWE-89	6.0