High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-01	CVE-2018-7550	Out-of-bounds Write vulnerability in multiple products The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. local low complexity qemu debian canonical redhat CWE-787	8.8
2018-02-27	CVE-2018-7548	NULL Pointer Dereference vulnerability in multiple products In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. network low complexity zsh canonical CWE-476	7.5
2018-02-27	CVE-2017-18206	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. network low complexity zsh canonical CWE-119	7.5
2018-02-27	CVE-2016-10714	Numeric Errors vulnerability in multiple products In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. network low complexity zsh canonical CWE-189	7.5
2018-02-27	CVE-2014-10071	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. network low complexity zsh canonical CWE-119	7.5
2018-02-25	CVE-2018-7480	Double Free vulnerability in multiple products The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. local low complexity linux canonical debian CWE-415	7.8
2018-02-19	CVE-2018-7225	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in LibVNCServer through 0.9.11. network low complexity libvncserver-project debian canonical redhat CWE-190	7.5
2018-02-19	CVE-2018-5379	Double Free vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. network low complexity quagga debian canonical redhat siemens CWE-415	7.5
2018-02-15	CVE-2018-7054	Use After Free vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. network low complexity irssi canonical debian CWE-416	7.5
2018-02-15	CVE-2018-7053	Use After Free vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. network low complexity irssi debian canonical CWE-416	7.5