18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-27	CVE-2017-11683	Reachable Assertion vulnerability in multiple products There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. network low complexity exiv2 canonical debian CWE-617	6.5
2017-07-24	CVE-2017-11591	There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. network low complexity exiv2 canonical debian	7.5
2017-07-17	CVE-2017-11352	In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. network imagemagick debian canonical	4.3
2017-05-26	CVE-2017-9239	Divide By Zero vulnerability in multiple products An issue was discovered in Exiv2 0.26. network low complexity exiv2 canonical CWE-369	6.5
2017-05-23	CVE-2016-9843	The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. network low complexity zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs critical	9.8
2017-05-23	CVE-2016-9842	The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. network low complexity gnu opensuse debian canonical oracle redhat apple nodejs	8.8
2017-05-23	CVE-2016-9841	inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. network low complexity zlib opensuse debian canonical oracle redhat apple netapp nodejs critical	9.8
2017-05-23	CVE-2016-9840	inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. network low complexity zlib opensuse debian canonical oracle redhat apple nodejs	8.8
2017-05-01	CVE-2017-6519	Origin Validation Error vulnerability in multiple products avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. network low complexity avahi canonical CWE-346 critical	9.1
2017-02-13	CVE-2016-3616	NULL Pointer Dereference vulnerability in multiple products The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. network libjpeg-turbo redhat debian canonical CWE-476	6.8