12.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-18	CVE-2018-1060	python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. network low complexity python fedoraproject canonical redhat debian	7.5
2018-06-13	CVE-2018-0495	Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. local high complexity gnupg canonical debian redhat oracle CWE-203	4.7
2018-06-12	CVE-2018-0732	Key Management Errors vulnerability in multiple products During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. network low complexity openssl debian canonical nodejs CWE-320	7.5
2018-06-11	CVE-2018-10360	Out-of-bounds Read vulnerability in multiple products The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. network low complexity file-project canonical opensuse CWE-125	6.5
2018-06-08	CVE-2018-12020	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. network low complexity redhat canonical debian gnupg CWE-706	7.5
2018-06-07	CVE-2018-12015	Link Following vulnerability in multiple products In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. network low complexity canonical debian perl archive apple netapp CWE-59	7.5
2018-05-24	CVE-2018-1000301	Out-of-bounds Read vulnerability in multiple products curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. network low complexity debian canonical haxx redhat oracle CWE-125 critical	9.1
2018-05-24	CVE-2018-1000199	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. local low complexity debian linux canonical redhat CWE-119	5.5
2018-05-23	CVE-2018-1125	Out-of-bounds Write vulnerability in multiple products procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. network low complexity procps-ng-project canonical debian opensuse CWE-787	7.5
2018-05-23	CVE-2018-1123	procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. network low complexity procps-ng-project canonical debian	7.5