High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-12	CVE-2014-8129	Out-of-bounds Write vulnerability in multiple products LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. network low complexity libtiff debian redhat apple CWE-787	8.8
2018-03-01	CVE-2018-7550	Out-of-bounds Write vulnerability in multiple products The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. local low complexity qemu debian canonical redhat CWE-787	8.8
2018-02-19	CVE-2018-7225	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in LibVNCServer through 0.9.11. network low complexity libvncserver-project debian canonical redhat CWE-190	7.5
2018-02-19	CVE-2018-5379	Double Free vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. network low complexity quagga debian canonical redhat siemens CWE-415	7.5
2018-02-07	CVE-2018-6574	Code Injection vulnerability in multiple products Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. local low complexity golang debian redhat CWE-94	7.8
2018-01-31	CVE-2018-1000001	Out-of-bounds Write vulnerability in multiple products In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. local low complexity gnu canonical redhat CWE-787	7.2
2018-01-18	CVE-2018-2637	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). network high complexity oracle redhat debian canonical schneider-electric hp	7.4
2018-01-18	CVE-2018-2633	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). network high complexity oracle redhat debian canonical schneider-electric hp	8.3
2018-01-18	CVE-2018-2562	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). network low complexity oracle mariadb debian canonical netapp redhat	7.5
2017-11-13	CVE-2016-8610	Resource Exhaustion vulnerability in multiple products A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. network low complexity openssl debian redhat netapp paloaltonetworks oracle fujitsu CWE-400	7.5