14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-12	CVE-2018-10998	An issue was discovered in Exiv2 0.26. network low complexity exiv2 canonical debian redhat	6.5
2018-05-10	CVE-2017-18267	Infinite Loop vulnerability in multiple products The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. network freedesktop canonical redhat debian CWE-835	4.3
2018-05-10	CVE-2017-18266	Injection vulnerability in multiple products The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. network freedesktop debian canonical CWE-74	6.8
2018-05-10	CVE-2018-1130	NULL Pointer Dereference vulnerability in Linux Kernel Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. local low complexity linux debian canonical redhat CWE-476	4.9
2018-05-10	CVE-2018-10963	Reachable Assertion vulnerability in multiple products The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. network libtiff debian canonical CWE-617	4.3
2018-05-10	CVE-2018-10958	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. network exiv2 debian canonical CWE-119	4.3
2018-05-08	CVE-2018-8897	Race Condition vulnerability in multiple products A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. local low complexity debian canonical redhat citrix synology apple xen freebsd CWE-362	7.2
2018-05-08	CVE-2018-10805	Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. network imagemagick canonical CWE-772	4.3
2018-05-08	CVE-2018-10804	Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. network imagemagick canonical CWE-772	4.3
2018-05-07	CVE-2018-10779	Out-of-bounds Read vulnerability in multiple products TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. network libtiff canonical CWE-125	4.3