Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-25	CVE-2018-6032	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. network low complexity google redhat debian CWE-20	6.5
2018-09-19	CVE-2018-17206	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. network low complexity openvswitch redhat canonical debian CWE-125	4.9
2018-09-19	CVE-2018-17204	Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. network low complexity openvswitch redhat canonical debian CWE-617	4.3
2018-09-17	CVE-2017-15705	Improper Input Validation vulnerability in multiple products A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. network low complexity apache redhat debian canonical CWE-20	5.3
2018-09-16	CVE-2018-17082	Cross-site Scripting vulnerability in multiple products The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. network low complexity php debian netapp CWE-79	6.1
2018-09-13	CVE-2018-17000	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. network low complexity libtiff debian canonical CWE-476	6.5
2018-09-11	CVE-2016-7074	Improper Input Validation vulnerability in multiple products An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. network high complexity powerdns debian CWE-20	5.9
2018-09-11	CVE-2016-7073	Improper Input Validation vulnerability in multiple products An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. network high complexity powerdns debian CWE-20	5.9
2018-09-10	CVE-2016-7056	A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. local low complexity openssl debian redhat canonical	5.5
2018-09-09	CVE-2018-16749	NULL Pointer Dereference vulnerability in multiple products In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. network low complexity imagemagick canonical debian CWE-476	6.5