Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-28	CVE-2018-0497	ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. network arm debian	4.3
2018-07-27	CVE-2017-2618	Off-by-one Error vulnerability in multiple products A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. local low complexity linux redhat debian CWE-193	5.5
2018-07-27	CVE-2017-2616	Race Condition vulnerability in multiple products A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. local util-linux-project debian redhat CWE-362	4.7
2018-07-27	CVE-2018-10882	Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel's ext4 filesystem. local low complexity linux debian canonical redhat CWE-787	5.5
2018-07-27	CVE-2018-1056	Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. network advancemame canonical debian CWE-125	6.8
2018-07-27	CVE-2017-2670	Infinite Loop vulnerability in multiple products It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. network low complexity redhat debian CWE-835	5.0
2018-07-27	CVE-2017-15120	NULL Pointer Dereference vulnerability in multiple products An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. network low complexity powerdns debian CWE-476	5.0
2018-07-27	CVE-2017-2666	HTTP Request Smuggling vulnerability in multiple products It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. network low complexity redhat debian CWE-444	6.4
2018-07-27	CVE-2017-12151	Cryptographic Issues vulnerability in multiple products A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. network samba debian redhat hp CWE-310	5.8
2018-07-26	CVE-2015-9261	NULL Pointer Dereference vulnerability in multiple products huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. local low complexity busybox debian canonical CWE-476	5.5