High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-18	CVE-2018-10194	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. local low complexity artifex canonical debian redhat CWE-119	7.8
2018-04-18	CVE-2018-1088	Incorrect Privilege Assignment vulnerability in multiple products A privilege escalation flaw was found in gluster 3.x snapshot scheduler. network high complexity redhat opensuse debian CWE-266	8.1
2018-04-17	CVE-2018-6797	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Perl 5.18 through 5.26. network low complexity debian perl canonical redhat CWE-787	7.5
2018-04-16	CVE-2016-9593	Credentials Management vulnerability in multiple products foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. network low complexity theforeman redhat CWE-255	8.8
2018-04-16	CVE-2018-10120	Improper Validation of Array Index vulnerability in multiple products The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. local low complexity debian libreoffice redhat canonical CWE-129	7.8
2018-04-16	CVE-2018-10119	Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. local low complexity libreoffice debian redhat canonical CWE-416	7.8
2018-04-12	CVE-2018-1084	Integer Overflow or Wraparound vulnerability in multiple products corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. network low complexity corosync debian redhat canonical CWE-190	7.5
2018-04-11	CVE-2018-1100	Classic Buffer Overflow vulnerability in multiple products zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. local low complexity zsh canonical redhat CWE-120	7.8
2018-04-04	CVE-2018-1097	Information Exposure vulnerability in multiple products A flaw was found in foreman before 1.16.1. network low complexity theforeman redhat CWE-200	8.8
2018-04-03	CVE-2018-1098	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. network low complexity redhat fedoraproject CWE-352	8.8