Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-18 | CVE-2018-1152 | Divide By Zero vulnerability in multiple products libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. | 4.3 |
| 2018-06-13 | CVE-2018-0495 | Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. | 4.7 |
| 2018-06-13 | CVE-2018-12265 | Out-of-bounds Read vulnerability in multiple products Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. | 6.8 |
| 2018-06-13 | CVE-2018-12264 | Out-of-bounds Read vulnerability in multiple products Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. | 6.8 |
| 2018-06-12 | CVE-2018-5814 | Race Condition vulnerability in Linux Kernel In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. | 6.9 |
| 2018-06-11 | CVE-2018-5185 | Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. | 4.3 |
| 2018-06-11 | CVE-2018-5184 | Inadequate Encryption Strength vulnerability in multiple products Using remote content in encrypted messages can lead to the disclosure of plaintext. | 5.0 |
| 2018-06-11 | CVE-2018-5182 | Information Exposure vulnerability in multiple products If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. | 5.0 |
| 2018-06-11 | CVE-2018-5181 | Information Exposure vulnerability in multiple products If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. | 5.0 |
| 2018-06-11 | CVE-2018-5180 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur during WebGL operations. | 5.0 |