High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-31	CVE-2018-1000001	Out-of-bounds Write vulnerability in multiple products In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. local low complexity gnu canonical redhat CWE-787	7.2
2018-01-18	CVE-2018-2637	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). network high complexity oracle redhat debian canonical schneider-electric hp	7.4
2018-01-18	CVE-2018-2633	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). network high complexity oracle redhat debian canonical schneider-electric hp	8.3
2017-11-13	CVE-2016-8610	Resource Exhaustion vulnerability in multiple products A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. network low complexity openssl debian redhat netapp paloaltonetworks oracle fujitsu CWE-400	7.5
2017-11-06	CVE-2015-7529	Link Following vulnerability in multiple products sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. local low complexity sos-project canonical redhat CWE-59	7.8
2017-10-18	CVE-2015-5740	HTTP Request Smuggling vulnerability in multiple products The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. network low complexity golang fedoraproject redhat CWE-444	7.5
2017-10-18	CVE-2015-5739	HTTP Request Smuggling vulnerability in multiple products The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." network low complexity golang fedoraproject redhat CWE-444	7.5
2017-10-11	CVE-2017-0903	Deserialization of Untrusted Data vulnerability in multiple products RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. network low complexity rubygems debian canonical redhat CWE-502	7.5
2017-10-05	CVE-2017-1000111	Out-of-bounds Write vulnerability in multiple products Linux kernel: heap out-of-bounds in AF_PACKET sockets. local low complexity linux redhat debian CWE-787	7.8
2017-09-12	CVE-2017-1000251	Out-of-bounds Write vulnerability in multiple products The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. low complexity linux debian nvidia redhat CWE-787	8.0