Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-02	CVE-2018-12891	An issue was discovered in Xen through 4.10.x. local low complexity debian xen	6.5
2018-06-26	CVE-2018-1000528	Cross-site Scripting vulnerability in multiple products GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. network low complexity debian gonicus CWE-79	6.1
2018-06-26	CVE-2018-1000204	Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. network high complexity linux debian canonical	5.3
2018-06-25	CVE-2018-11039	Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. network high complexity vmware oracle debian	5.9
2018-06-21	CVE-2018-3665	Information Exposure vulnerability in multiple products System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. local high complexity intel citrix freebsd redhat debian canonical CWE-200	5.6
2018-06-20	CVE-2018-1120	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found affecting the Linux kernel before version 4.17. network high complexity linux redhat debian canonical CWE-119	5.3
2018-06-19	CVE-2018-12564	Improper Input Validation vulnerability in multiple products An issue was discovered in Linaro LAVA before 2018.5.post1. network low complexity linaro debian CWE-20	6.5
2018-06-18	CVE-2018-1152	Divide By Zero vulnerability in multiple products libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. network low complexity libjpeg-turbo canonical debian CWE-369	6.5
2018-06-15	CVE-2018-12495	Out-of-bounds Read vulnerability in multiple products The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. local low complexity discount-project debian CWE-125	5.5
2018-06-15	CVE-2018-12458	Improper Input Validation vulnerability in multiple products An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. network low complexity ffmpeg debian CWE-20	6.5