Debian Linux vulnerabilities: Medium risk

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-03-27 | CVE-2018-0202 | Out-of-bounds Read vulnerability in multiple products | clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | local | low | clamav, canonical, debian | CWE-125 | 5.5 |
| 2018-03-26 | CVE-2018-1301 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out-of-bounds access after a size limit is reached by reading the HTTP header. | network | high | apache, debian, canonical, netapp, redhat | CWE-119 | 5.9 |
| 2018-03-26 | CVE-2018-1283 | | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. | network | high | apache, debian, canonical, netapp, redhat | | 5.3 |
| 2018-03-25 | CVE-2018-9018 | Divide By Zero vulnerability in multiple products | In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. | network | low | graphicsmagick, debian | CWE-369 | 6.5 |
| 2018-03-25 | CVE-2018-8976 | Out-of-bounds Read vulnerability in multiple products | In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. | network | low | exiv2, debian, redhat | CWE-125 | 6.5 |
| 2018-03-21 | CVE-2017-0917 | Improper Input Validation vulnerability in multiple products | GitLab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross-site scripting. | network | low | gitlab, debian | CWE-20 | 6.1 |
| 2018-03-21 | CVE-2017-18241 | NULL Pointer Dereference vulnerability in multiple products | fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | local | low | linux, debian, canonical | CWE-476 | 5.5 |
| 2018-03-18 | CVE-2018-8754 | Out-of-bounds Read vulnerability in multiple products | The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. | local | low | libevt-project, debian | CWE-125 | 5.5 |
| 2018-03-16 | CVE-2018-1068 | Out-of-bounds Write vulnerability in multiple products | A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. | local | low | linux, canonical, debian, redhat | CWE-787 | 6.7 |
| 2018-03-15 | CVE-2017-18238 | Infinite Loop vulnerability in multiple products | An issue was discovered in Exempi before 2.4.4. | local | low | exempi-project, debian | CWE-835 | 5.5 |