High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-17	CVE-2018-6798	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Perl 5.22 through 5.26. network low complexity debian perl canonical redhat CWE-125	7.5
2018-04-16	CVE-2018-10120	Improper Validation of Array Index vulnerability in multiple products The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. local low complexity debian libreoffice redhat canonical CWE-129	7.8
2018-04-16	CVE-2018-10119	Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. local low complexity libreoffice debian redhat canonical CWE-416	7.8
2018-04-13	CVE-2017-0367	Exposure of Resource to Wrong Sphere vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. network low complexity mediawiki debian CWE-668	8.8
2018-04-13	CVE-2017-0362	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. network low complexity mediawiki debian CWE-352	8.8
2018-04-13	CVE-2017-0361	Information Exposure vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. local low complexity mediawiki debian CWE-200	7.8
2018-04-13	CVE-2017-0358	Improper Privilege Management vulnerability in multiple products Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. local low complexity tuxera debian CWE-269	7.8
2018-04-12	CVE-2018-1084	corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. network low complexity corosync debian redhat canonical	7.5
2018-04-12	CVE-2018-1086	Information Exposure vulnerability in multiple products pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. network low complexity clusterlabs debian redhat CWE-200	7.5
2018-04-10	CVE-2018-3839	Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. network low complexity libsdl debian starwindsoftware CWE-787	8.8