High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-24	CVE-2017-18075	Release of Invalid Pointer or Reference vulnerability in multiple products crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. local low complexity linux canonical CWE-763	7.8
2018-01-21	CVE-2016-10708	NULL Pointer Dereference vulnerability in multiple products sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. network low complexity openbsd debian canonical netapp CWE-476	7.5
2018-01-18	CVE-2018-2637	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). network high complexity oracle redhat debian canonical schneider-electric hp	7.4
2018-01-18	CVE-2018-2633	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). network high complexity oracle redhat debian canonical schneider-electric hp	8.3
2018-01-18	CVE-2018-2562	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). network low complexity oracle mariadb debian canonical netapp redhat	7.1
2018-01-17	CVE-2018-5764	The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. network low complexity samba debian canonical	7.5
2018-01-12	CVE-2018-5344	Use After Free vulnerability in multiple products In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. local low complexity linux canonical redhat CWE-416	7.8
2018-01-12	CVE-2018-5345	Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. local low complexity fedoraproject gnome canonical debian redhat CWE-787	7.8
2018-01-11	CVE-2018-5332	Out-of-bounds Write vulnerability in multiple products In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). local low complexity linux debian canonical CWE-787	7.8
2018-01-06	CVE-2018-5205	Use of Externally-Controlled Format String vulnerability in multiple products When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. network low complexity irssi debian canonical CWE-134	7.5