Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-11 | CVE-2018-1127 | Session Fixation vulnerability in Redhat Gluster Storage Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. | 8.1 |
| 2018-09-11 | CVE-2018-10893 | Unspecified vulnerability in Spice Project Spice Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. | 8.8 |
| 2018-09-11 | CVE-2018-10853 | Improper Privilege Management vulnerability in multiple products A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. | 7.8 |
| 2018-09-11 | CVE-2016-7066 | Permission Issues vulnerability in Redhat Jboss Enterprise Application Platform It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. | 7.8 |
| 2018-09-11 | CVE-2016-7070 | Permissions, Privileges, and Access Controls vulnerability in Redhat Ansible Tower A privilege escalation flaw was found in the Ansible Tower. | 8.0 |
| 2018-09-11 | CVE-2016-7069 | Improper Input Validation vulnerability in Powerdns Dnsdist 1.2.0 An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. | 7.5 |
| 2018-09-11 | CVE-2016-7068 | Resource Exhaustion vulnerability in multiple products An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. | 7.5 |
| 2018-09-11 | CVE-2016-0750 | Deserialization of Untrusted Data vulnerability in Infinispan The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. | 8.8 |
| 2018-09-11 | CVE-2018-1571 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2018-09-11 | CVE-2018-16807 | Missing Release of Resource after Effective Lifetime vulnerability in BRO In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser. | 7.5 |