Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-03	CVE-2018-1099	Improper Input Validation vulnerability in multiple products DNS rebinding vulnerability found in etcd 3.3.1 and earlier. local low complexity redhat fedoraproject CWE-20	5.5
2018-04-03	CVE-2018-4117	Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. network low complexity apple webkitgtk canonical redhat debian CWE-200	6.5
2018-04-02	CVE-2018-1094	NULL Pointer Dereference vulnerability in multiple products The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. local low complexity linux redhat canonical CWE-476	5.5
2018-03-26	CVE-2018-1301	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. network high complexity apache debian canonical netapp redhat CWE-119	5.9
2018-03-26	CVE-2018-1283	In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. network high complexity apache debian canonical netapp redhat	5.3
2018-03-25	CVE-2018-8976	Out-of-bounds Read vulnerability in multiple products In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. network low complexity exiv2 debian redhat CWE-125	6.5
2018-03-22	CVE-2018-8945	Improper Input Validation vulnerability in multiple products The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. local low complexity gnu redhat CWE-20	5.5
2018-03-16	CVE-2018-1199	Improper Input Validation vulnerability in multiple products Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. network low complexity vmware redhat oracle CWE-20	5.3
2018-03-16	CVE-2018-1068	Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. local low complexity linux canonical debian redhat CWE-787	6.7
2018-03-13	CVE-2018-1050	NULL Pointer Dereference vulnerability in multiple products All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. low complexity canonical samba debian redhat CWE-476	4.3