High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-28	CVE-2018-1083	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. local low complexity zsh canonical debian redhat CWE-119	7.8
2018-03-26	CVE-2017-15715	Improper Input Validation vulnerability in multiple products In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. network high complexity apache debian canonical netapp redhat CWE-20	8.1
2018-03-26	CVE-2017-15710	Out-of-bounds Write vulnerability in multiple products In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. network low complexity apache debian canonical netapp redhat CWE-787	7.5
2018-03-22	CVE-2018-8905	Out-of-bounds Write vulnerability in multiple products In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. network low complexity libtiff debian canonical redhat CWE-787	8.8
2018-03-19	CVE-2018-7262	NULL Pointer Dereference vulnerability in multiple products In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. network low complexity redhat fedoraproject CWE-476	7.5
2018-03-14	CVE-2018-1077	XXE vulnerability in Redhat Satellite and Spacewalk Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. network low complexity redhat CWE-611	7.5
2018-03-14	CVE-2018-1000121	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service network low complexity debian canonical haxx redhat oracle CWE-476	7.5
2018-03-13	CVE-2018-1000127	Improper Locking vulnerability in multiple products memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. network low complexity memcached debian canonical redhat CWE-667	7.5
2018-03-12	CVE-2017-2667	Improper Certificate Validation vulnerability in multiple products Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. network high complexity theforeman redhat CWE-295	8.1
2018-03-12	CVE-2017-2619	Link Following vulnerability in multiple products Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. network high complexity samba redhat debian CWE-59	7.5