10.13

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-13	CVE-2017-9788	Improper Input Validation vulnerability in multiple products In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. network low complexity apache debian apple netapp redhat oracle CWE-20 critical	9.1
2017-07-13	CVE-2017-11103	Insufficient Verification of Data Authenticity vulnerability in multiple products Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. network high complexity heimdal-project freebsd samba apple debian CWE-345	8.1
2017-06-20	CVE-2017-7668	Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. network low complexity apache netapp redhat debian oracle apple CWE-125	7.5
2017-06-20	CVE-2017-3167	Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. network low complexity apache netapp redhat apple debian oracle CWE-287 critical	9.8
2017-05-23	CVE-2016-9843	The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. network low complexity zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs critical	9.8
2017-05-23	CVE-2016-9842	The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. network low complexity zlib opensuse debian canonical oracle redhat apple nodejs	8.8
2017-05-23	CVE-2016-9841	inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. network low complexity zlib opensuse debian canonical oracle redhat apple netapp nodejs critical	9.8
2017-05-23	CVE-2016-9840	inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. network low complexity zlib opensuse debian canonical oracle redhat apple nodejs	8.8
2016-09-25	CVE-2016-4778	Permissions, Privileges, and Access Controls vulnerability in Apple products The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. local low complexity apple CWE-264	7.8
2016-09-25	CVE-2016-4773	Out-of-bounds Read vulnerability in Apple products The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776. local low complexity apple CWE-125	7.1