Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-18	CVE-2018-2588	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). network low complexity oracle redhat debian canonical schneider-electric hp	4.3
2018-01-18	CVE-2018-2582	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). network low complexity oracle redhat debian canonical schneider-electric hp	6.5
2018-01-17	CVE-2018-5747	Use After Free vulnerability in multiple products In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). local low complexity long-range-zip-project debian CWE-416	5.5
2018-01-16	CVE-2018-5712	Cross-site Scripting vulnerability in multiple products An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. network low complexity php debian canonical CWE-79	6.1
2018-01-16	CVE-2018-5711	Infinite Loop vulnerability in multiple products gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. local low complexity php debian canonical CWE-835	5.5
2018-01-14	CVE-2018-5686	Infinite Loop vulnerability in multiple products In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. local low complexity artifex debian CWE-835	5.5
2018-01-14	CVE-2018-5685	Infinite Loop vulnerability in multiple products In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). network low complexity graphicsmagick debian CWE-835	6.5
2018-01-13	CVE-2018-0486	Improper Verification of Cryptographic Signature vulnerability in multiple products Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD. network low complexity shibboleth debian CWE-347	6.5
2018-01-11	CVE-2018-5335	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. network low complexity wireshark debian CWE-119	6.5
2018-01-11	CVE-2018-5334	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. network low complexity wireshark debian CWE-119	6.5