Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-22 CVE-2018-5238 Uncontrolled Search Path Element vulnerability in Symantec Norton Power Eraser and SymDiag
Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
local
low complexity
symantec CWE-427
7.8
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed an extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
8.8
2018-08-22 CVE-2017-2627 Path Traversal vulnerability in multiple products
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11.
local
low complexity
redhat openstack CWE-22
8.2
2018-08-22 CVE-2018-1139 Insufficiently Protected Credentials vulnerability in multiple products
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled.
network
high complexity
samba redhat canonical CWE-522
8.1
2018-08-22 CVE-2018-10884 Cross-Site Request Forgery (CSRF) vulnerability in Red Hat Ansible Tower
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py.
network
low complexity
redhat CWE-352
8.8
2018-08-22 CVE-2018-11776 Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and one of the following holds: results are used with no namespace while their upper package has no namespace or a wildcard namespace; or a url tag is used that has no value and action set while its upper package has no namespace or a wildcard namespace.
network
high complexity
apache netapp oracle
8.1
2018-08-21 CVE-2018-15667 Improper Authentication vulnerability in Airmailapp Airmail 3.3.5.9
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS.
network
low complexity
airmailapp CWE-287
7.5
2018-08-21 CVE-2018-10902 It was found that the raw MIDI kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), which are part of the snd_rawmidi_ioctl() handler in the rawmidi.c file.
local
low complexity
debian canonical linux redhat
7.8
2018-08-21 CVE-2018-15661 Information Exposure vulnerability in Olacabs OLA Money 1.9.0
An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android.
network
high complexity
olacabs CWE-200
7.5
2018-08-21 CVE-2018-6557 Link Following vulnerability in multiple products
The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files.
local
high complexity
canonical base-files-project CWE-59
7.0