18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-16	CVE-2018-11213	An issue was discovered in libjpeg 9a. network ijg debian canonical	4.3
2018-05-16	CVE-2018-11212	Divide By Zero vulnerability in multiple products An issue was discovered in libjpeg 9a and 9d. network ijg debian canonical netapp oracle redhat opensuse CWE-369	4.3
2018-05-16	CVE-2018-8014	Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. network low complexity apache canonical debian netapp CWE-1188 critical	9.8
2018-05-12	CVE-2018-10999	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Exiv2 0.26. network exiv2 debian canonical CWE-125	4.3
2018-05-12	CVE-2018-10998	An issue was discovered in Exiv2 0.26. network low complexity exiv2 canonical debian redhat	6.5
2018-05-10	CVE-2018-1118	Improper Initialization vulnerability in multiple products Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. local low complexity linux debian canonical redhat CWE-665	5.5
2018-05-10	CVE-2017-18267	Infinite Loop vulnerability in multiple products The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. network freedesktop canonical redhat debian CWE-835	4.3
2018-05-10	CVE-2017-18266	Injection vulnerability in multiple products The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. network freedesktop debian canonical CWE-74	6.8
2018-05-10	CVE-2018-10963	Reachable Assertion vulnerability in multiple products The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. network libtiff debian canonical CWE-617	4.3
2018-05-10	CVE-2018-10958	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. network exiv2 debian canonical CWE-119	4.3