High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-28	CVE-2017-11509	SQL Injection vulnerability in multiple products An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. network low complexity firebirdsql debian CWE-89	8.8
2018-03-28	CVE-2018-1083	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. local low complexity zsh canonical debian redhat CWE-119	7.8
2018-03-27	CVE-2018-8764	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. network low complexity debian ldap-account-manager CWE-352	8.8
2018-03-26	CVE-2017-18249	Race Condition vulnerability in multiple products The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. local high complexity linux debian CWE-362	7.0
2018-03-26	CVE-2018-1303	Out-of-bounds Read vulnerability in multiple products A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. network low complexity apache debian canonical netapp CWE-125	7.5
2018-03-26	CVE-2017-15715	Improper Input Validation vulnerability in multiple products In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. network high complexity apache debian canonical netapp redhat CWE-20	8.1
2018-03-26	CVE-2017-15710	Out-of-bounds Write vulnerability in multiple products In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. network low complexity apache debian canonical netapp redhat CWE-787	7.5
2018-03-25	CVE-2018-9009	Use After Free vulnerability in multiple products In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. network low complexity libming debian CWE-416	8.8
2018-03-22	CVE-2018-8905	Out-of-bounds Write vulnerability in multiple products In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. network low complexity libtiff debian canonical redhat CWE-787	8.8
2018-03-21	CVE-2018-3710	Path Traversal vulnerability in multiple products Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. local low complexity gitlab debian CWE-22	7.8