Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-23	CVE-2018-1305	Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. network low complexity apache debian canonical oracle	6.5
2018-02-23	CVE-2018-7443	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). network low complexity imagemagick debian canonical CWE-770	6.5
2018-02-19	CVE-2018-5380	Out-of-bounds Read vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. network low complexity quagga debian canonical siemens CWE-125	4.3
2018-02-19	CVE-2018-5378	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. network high complexity quagga debian canonical CWE-119	5.9
2018-02-16	CVE-2018-1049	Race Condition vulnerability in multiple products In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. network high complexity systemd-project redhat canonical debian CWE-362	5.9
2018-02-13	CVE-2018-6942	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in FreeType 2 through 2.9. network low complexity freetype canonical CWE-476	6.5
2018-02-09	CVE-2017-10689	Improper Privilege Management vulnerability in multiple products In previous versions of Puppet Agent it was possible to install a module with world writable permissions. local low complexity puppet canonical redhat CWE-269	5.5
2018-02-09	CVE-2018-6869	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. network low complexity zziplib-project debian canonical CWE-770	6.5
2018-02-04	CVE-2018-6616	Resource Exhaustion vulnerability in multiple products In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. local low complexity uclouvain debian canonical oracle CWE-400	5.5
2018-02-02	CVE-2018-6541	In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). network low complexity zziplib-project canonical	6.5