Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-03	CVE-2017-17742	HTTP Response Splitting vulnerability in multiple products Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. network low complexity ruby-lang debian CWE-113	5.3
2018-04-03	CVE-2018-4117	Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. network low complexity apple webkitgtk canonical redhat debian CWE-200	6.5
2018-03-30	CVE-2018-9132	NULL Pointer Dereference vulnerability in multiple products libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. network low complexity libming debian CWE-476	6.5
2018-03-27	CVE-2018-0739	Uncontrolled Recursion vulnerability in multiple products Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. network low complexity openssl debian canonical CWE-674	6.5
2018-03-27	CVE-2018-8048	Cross-site Scripting vulnerability in multiple products In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. network low complexity debian loofah-project CWE-79	6.1
2018-03-27	CVE-2018-8763	Cross-site Scripting vulnerability in multiple products Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. network low complexity debian ldap-account-manager CWE-79	6.1
2018-03-27	CVE-2018-0202	Out-of-bounds Read vulnerability in multiple products clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. local low complexity clamav canonical debian CWE-125	5.5
2018-03-26	CVE-2018-1301	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. network high complexity apache debian canonical netapp redhat CWE-119	5.9
2018-03-26	CVE-2018-1283	In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. network high complexity apache debian canonical netapp redhat	5.3
2018-03-25	CVE-2018-9018	Divide By Zero vulnerability in multiple products In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. network low complexity graphicsmagick debian CWE-369	6.5