18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-15	CVE-2017-5934	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network moinmo canonical debian opensuse CWE-79	4.3
2018-10-15	CVE-2018-15378	Out-of-bounds Read vulnerability in multiple products A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. network clamav debian canonical CWE-125	4.3
2018-10-15	CVE-2018-18073	Information Exposure vulnerability in multiple products Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. local low complexity artifex debian canonical redhat CWE-200	6.3
2018-10-15	CVE-2018-17961	Information Exposure Through an Error Message vulnerability in multiple products Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. local low complexity artifex debian canonical redhat CWE-209	8.6
2018-10-15	CVE-2018-18310	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. network elfutils-project debian redhat opensuse canonical CWE-119	4.3
2018-10-09	CVE-2018-17963	Integer Overflow or Wraparound vulnerability in multiple products qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. network low complexity qemu debian canonical redhat CWE-190	7.5
2018-10-09	CVE-2018-17962	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. network low complexity qemu canonical debian oracle redhat suse CWE-119	5.0
2018-10-09	CVE-2018-17958	Integer Overflow or Wraparound vulnerability in multiple products Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. network low complexity qemu canonical debian redhat CWE-190	5.0
2018-10-09	CVE-2018-18074	Insufficiently Protected Credentials vulnerability in multiple products The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. network low complexity python canonical opensuse redhat CWE-522	5.0
2018-10-08	CVE-2018-18065	NULL Pointer Dereference vulnerability in multiple products _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. network low complexity net-snmp debian canonical netapp paloaltonetworks CWE-476	4.0