High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-22	CVE-2018-11356	NULL Pointer Dereference vulnerability in multiple products In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. network low complexity wireshark debian CWE-476	7.5
2018-05-21	CVE-2018-8012	Missing Authorization vulnerability in multiple products No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. network low complexity apache debian oracle CWE-862	7.5
2018-05-20	CVE-2018-11319	Path Traversal vulnerability in multiple products Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). network high complexity syntastic-project debian CWE-22	7.5
2018-05-15	CVE-2018-1087	kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. local low complexity linux canonical debian redhat	7.8
2018-05-10	CVE-2018-10982	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. local low complexity xen debian	8.8
2018-05-10	CVE-2017-18266	Injection vulnerability in multiple products The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. network low complexity freedesktop debian canonical CWE-74	8.8
2018-05-09	CVE-2017-18265	Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. network low complexity prosody debian	7.5
2018-05-09	CVE-2018-1089	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. network low complexity fedoraproject redhat debian CWE-119	7.5
2018-05-08	CVE-2018-8897	Race Condition vulnerability in multiple products A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. local low complexity debian canonical redhat citrix synology apple xen freebsd CWE-362	7.8
2018-05-08	CVE-2018-1000179	NULL Pointer Dereference vulnerability in multiple products A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. network low complexity quassel-irc debian CWE-476	7.5