High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-16	CVE-2018-10119	Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. local low complexity libreoffice debian redhat canonical CWE-416	7.8
2018-04-12	CVE-2018-1084	Integer Overflow or Wraparound vulnerability in multiple products corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. network low complexity corosync debian redhat canonical CWE-190	7.5
2018-04-11	CVE-2018-1100	Classic Buffer Overflow vulnerability in multiple products zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. local low complexity zsh canonical redhat CWE-120	7.8
2018-04-03	CVE-2018-9240	NULL Pointer Dereference vulnerability in multiple products ncmpc through 0.29 is prone to a NULL pointer dereference flaw. network low complexity ncmpc-project debian canonical CWE-476	7.5
2018-04-03	CVE-2018-8780	Path Traversal vulnerability in Ruby-Lang Ruby In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. network low complexity ruby-lang canonical debian CWE-22	7.5
2018-03-28	CVE-2018-1083	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. local low complexity zsh canonical debian redhat CWE-119	7.8
2018-03-26	CVE-2018-1303	Out-of-bounds Read vulnerability in multiple products A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. network low complexity apache debian canonical netapp CWE-125	7.5
2018-03-26	CVE-2017-15715	Improper Input Validation vulnerability in multiple products In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. network high complexity apache debian canonical netapp redhat CWE-20	8.1
2018-03-26	CVE-2017-15710	Out-of-bounds Write vulnerability in multiple products In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. network low complexity apache debian canonical netapp redhat CWE-787	7.5
2018-03-22	CVE-2018-8905	Out-of-bounds Write vulnerability in multiple products In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. network low complexity libtiff debian canonical redhat CWE-787	8.8