Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-30	CVE-2018-9132	NULL Pointer Dereference vulnerability in multiple products libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. network low complexity libming debian CWE-476	6.5
2018-03-27	CVE-2018-0739	Uncontrolled Recursion vulnerability in multiple products Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. network low complexity openssl debian canonical CWE-674	6.5
2018-03-27	CVE-2018-8048	Cross-site Scripting vulnerability in multiple products In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. network low complexity debian loofah-project CWE-79	6.1
2018-03-27	CVE-2018-8763	Cross-site Scripting vulnerability in multiple products Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. network low complexity debian ldap-account-manager CWE-79	6.1
2018-03-27	CVE-2018-0202	Out-of-bounds Read vulnerability in multiple products clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. local low complexity clamav canonical debian CWE-125	5.5
2018-03-26	CVE-2018-1301	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. network high complexity apache debian canonical netapp redhat CWE-119	5.9
2018-03-26	CVE-2018-1283	In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. network high complexity apache debian canonical netapp redhat	5.3
2018-03-25	CVE-2018-9018	Divide By Zero vulnerability in multiple products In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. network low complexity graphicsmagick debian CWE-369	6.5
2018-03-25	CVE-2018-8976	Out-of-bounds Read vulnerability in multiple products In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. network low complexity exiv2 debian redhat CWE-125	6.5
2018-03-21	CVE-2017-0917	Improper Input Validation vulnerability in multiple products Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. network low complexity gitlab debian CWE-20	6.1