Debian Linux vulnerabilities: Medium risk

DATE CVE VULNERABILITY TITLE RISK
2018-04-03 CVE-2018-8777 Resource Exhaustion vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
network
low complexity
ruby-lang debian canonical redhat CWE-400
5.0
2018-04-03 CVE-2018-6914 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a ..
network
low complexity
ruby-lang canonical debian redhat CWE-22
5.0
2018-04-03 CVE-2017-17742 HTTP Response Splitting vulnerability in multiple products
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack.
network
low complexity
ruby-lang debian CWE-113
5.3
2018-04-03 CVE-2018-0492 Race Condition vulnerability in multiple products
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
4.4
2018-04-03 CVE-2018-4117 Information Exposure vulnerability in Apple products
An issue was discovered in certain Apple products.
4.3
2018-04-03 CVE-2017-7000 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in certain Apple products.
6.8
2018-03-30 CVE-2018-7566 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
local
low complexity
linux suse canonical debian redhat oracle CWE-119
4.6
2018-03-30 CVE-2018-9132 NULL Pointer Dereference vulnerability in multiple products
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file.
network
low complexity
libming debian CWE-476
6.5
2018-03-27 CVE-2018-0739 Uncontrolled Recursion vulnerability in multiple products
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion.
network
low complexity
openssl debian canonical CWE-674
6.5
2018-03-27 CVE-2018-8048 Cross-site Scripting vulnerability in multiple products
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
4.3