14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-17	CVE-2018-15473	Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. network low complexity openbsd debian redhat canonical netapp oracle siemens CWE-362	5.3
2018-08-17	CVE-2018-15471	Out-of-bounds Read vulnerability in multiple products An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. local low complexity xen linux canonical CWE-125	7.8
2018-08-17	CVE-2018-10873	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. network low complexity spice-project debian canonical redhat CWE-20	6.5
2018-08-16	CVE-2018-14567	Infinite Loop vulnerability in multiple products libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. network xmlsoft canonical debian CWE-835	4.3
2018-08-10	CVE-2018-6553	The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. local low complexity cups canonical debian	4.6
2018-08-09	CVE-2018-10925	Incorrect Authorization vulnerability in multiple products It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... network low complexity canonical debian postgresql CWE-863	8.1
2018-08-09	CVE-2018-10915	SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. network redhat canonical debian postgresql CWE-89	6.0
2018-08-08	CVE-2018-14526	Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. low complexity canonical debian w1-fi CWE-924	3.3
2018-08-06	CVE-2018-7073	Exposure of Resource to Wrong Sphere vulnerability in multiple products A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. local low complexity hp canonical CWE-668	2.1
2018-08-06	CVE-2018-5390	Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. network low complexity redhat linux canonical debian hp hpe f5 a10networks cisco CWE-400	7.5