High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-20	CVE-2017-15108	OS Command Injection vulnerability in multiple products spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. local low complexity spice-space debian CWE-78	7.8
2018-01-18	CVE-2018-2637	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). network high complexity oracle redhat debian canonical schneider-electric hp	7.4
2018-01-18	CVE-2018-2633	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). network high complexity oracle redhat debian canonical schneider-electric hp	8.3
2018-01-18	CVE-2018-2612	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). network low complexity oracle mariadb netapp canonical debian	7.5
2018-01-18	CVE-2018-2562	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). network low complexity oracle mariadb debian canonical netapp redhat	7.5
2018-01-17	CVE-2018-5764	The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. network low complexity samba debian canonical	7.5
2018-01-12	CVE-2017-13194	Improper Input Validation vulnerability in multiple products A vulnerability in the Android media framework (libvpx) related to odd frame width. network low complexity google debian CWE-20	7.8
2018-01-11	CVE-2018-5336	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. network low complexity wireshark debian CWE-119	7.5
2018-01-11	CVE-2018-5332	Out-of-bounds Write vulnerability in multiple products In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). local low complexity linux debian canonical CWE-787	7.8
2018-01-08	CVE-2015-2320	Improper Certificate Validation vulnerability in multiple products The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. network low complexity mono-project debian CWE-295	7.5