High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-12	CVE-2018-5345	Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. local low complexity fedoraproject gnome canonical debian redhat CWE-787	7.8
2018-01-11	CVE-2018-5336	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. network low complexity wireshark debian CWE-119	7.5
2018-01-11	CVE-2018-5332	Out-of-bounds Write vulnerability in multiple products In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). local low complexity linux debian canonical CWE-787	7.8
2018-01-10	CVE-2017-18026	Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536. network low complexity redmine debian	8.8
2018-01-08	CVE-2015-2318	Improper Certificate Validation vulnerability in multiple products The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. network high complexity mono-project debian CWE-295	8.1
2018-01-06	CVE-2018-5207	Use of Externally-Controlled Format String vulnerability in multiple products When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. network low complexity irssi debian CWE-134	7.5
2018-01-06	CVE-2018-5205	Use of Externally-Controlled Format String vulnerability in multiple products When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. network low complexity irssi debian canonical CWE-134	7.5
2018-01-05	CVE-2018-5248	Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. network low complexity imagemagick debian canonical CWE-125	8.8
2018-01-02	CVE-2017-1000433	Improper Authentication vulnerability in multiple products pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. network high complexity pysaml2-project debian CWE-287	8.1
2018-01-02	CVE-2017-1000422	Integer Overflow or Wraparound vulnerability in multiple products Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution network low complexity gnome debian canonical CWE-190	8.8