Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2017-7826	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. network low complexity debian redhat canonical mozilla CWE-119 critical	10.0
2018-03-26	CVE-2018-1312	Improper Authentication vulnerability in multiple products In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. network low complexity apache canonical debian netapp redhat CWE-287 critical	9.8
2018-03-23	CVE-2018-1000140	Out-of-bounds Write vulnerability in multiple products rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. network low complexity rsyslog debian canonical redhat CWE-787 critical	9.8
2018-03-20	CVE-2018-8088	org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. network low complexity qos redhat oracle critical	9.8
2018-01-03	CVE-2017-18017	Use After Free vulnerability in multiple products The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. network low complexity linux debian arista f5 suse opensuse openstack canonical redhat CWE-416 critical	9.8
2017-12-15	CVE-2017-17405	OS Command Injection vulnerability in multiple products Ruby before 2.4.3 allows Net::FTP command injection. network ruby-lang debian redhat CWE-78 critical	9.3
2017-10-19	CVE-2017-10285	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). network low complexity oracle debian redhat netapp critical	9.6
2017-10-05	CVE-2017-1000116	OS Command Injection vulnerability in multiple products Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. network low complexity mercurial debian redhat CWE-78 critical	10.0
2017-08-10	CVE-2016-5018	In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. network low complexity apache netapp canonical debian redhat oracle critical	9.1
2017-08-08	CVE-2017-10087	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle debian redhat netapp critical	9.6