High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-25	CVE-2017-15365	sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. network low complexity fedoraproject mariadb percona	8.8
2018-01-22	CVE-2018-6003	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. network low complexity gnu fedoraproject debian CWE-674	7.5
2018-01-12	CVE-2018-5345	Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. local low complexity fedoraproject gnome canonical debian redhat CWE-787	7.8
2017-12-29	CVE-2015-8008	Improper Access Control vulnerability in multiple products The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. network low complexity mediawiki fedoraproject CWE-284	7.5
2017-12-29	CVE-2014-8119	Improper Input Validation vulnerability in multiple products The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. network low complexity redhat fedoraproject netcf-project CWE-20	7.5
2017-12-05	CVE-2016-1254	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. network low complexity torproject opensuse-project debian fedoraproject opensuse CWE-119	7.5
2017-10-03	CVE-2017-13704	Improper Input Validation vulnerability in multiple products In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. network low complexity redhat debian novell canonical fedoraproject thekelleys CWE-20	7.5
2017-09-25	CVE-2015-5704	Command Injection vulnerability in multiple products scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. local low complexity devscripts-devel-team fedoraproject CWE-77	7.8
2017-09-20	CVE-2015-5607	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery in the REST API in IPython 2 and 3. network low complexity ipython fedoraproject CWE-352	8.8
2017-09-19	CVE-2015-1854	Improper Access Control vulnerability in multiple products 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. network low complexity fedoraproject debian CWE-284	7.5