18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-01	CVE-2018-6484	In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. network zziplib-project canonical	4.3
2018-01-30	CVE-2018-6405	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. network imagemagick canonical CWE-772	4.3
2018-01-29	CVE-2018-6381	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. network zziplib-project canonical CWE-119	4.3
2018-01-23	CVE-2017-15105	Improper Input Validation vulnerability in multiple products A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. network low complexity nlnetlabs debian canonical CWE-20	5.0
2018-01-21	CVE-2016-10708	NULL Pointer Dereference vulnerability in multiple products sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. network low complexity openbsd debian canonical netapp CWE-476	7.5
2018-01-19	CVE-2018-5785	Integer Overflow or Wraparound vulnerability in multiple products In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). network uclouvain debian canonical CWE-190	4.3
2018-01-16	CVE-2018-5711	Infinite Loop vulnerability in multiple products gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. local low complexity php debian canonical CWE-835	5.5
2018-01-12	CVE-2017-18029	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. network imagemagick canonical CWE-772	4.3
2018-01-12	CVE-2017-18028	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. network imagemagick canonical CWE-770	7.1
2018-01-12	CVE-2017-18027	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. network imagemagick canonical CWE-772	4.3