18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-23	CVE-2018-7443	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). network imagemagick debian canonical CWE-770	4.3
2018-02-13	CVE-2018-6954	Link Following vulnerability in multiple products systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. local low complexity systemd-project canonical opensuse CWE-59	7.8
2018-02-09	CVE-2018-6869	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. network zziplib-project debian canonical CWE-770	4.3
2018-02-08	CVE-2018-1000030	Use After Free vulnerability in multiple products Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. local python canonical CWE-416	3.3
2018-02-04	CVE-2018-6616	Resource Exhaustion vulnerability in multiple products In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. network uclouvain debian canonical oracle CWE-400	4.3
2018-02-02	CVE-2017-14180	Resource Exhaustion vulnerability in multiple products Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. local low complexity apport-project canonical CWE-400	7.2
2018-02-02	CVE-2017-14179	Resource Exhaustion vulnerability in multiple products Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. local low complexity apport-project canonical CWE-400	7.2
2018-02-02	CVE-2017-14177	Resource Exhaustion vulnerability in multiple products Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. local low complexity apport-project canonical CWE-400	7.2
2018-02-02	CVE-2018-6541	In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). network zziplib-project canonical	4.3
2018-02-02	CVE-2018-6540	In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. network zziplib-project canonical	4.3