Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-21	CVE-2018-3665	Information Exposure vulnerability in multiple products System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. local high complexity intel citrix freebsd redhat debian canonical CWE-200	5.6
2018-06-21	CVE-2018-12617	Integer Overflow or Wraparound vulnerability in multiple products qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. network low complexity qemu canonical debian CWE-190	7.5
2018-06-20	CVE-2018-12600	Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. network low complexity debian canonical imagemagick CWE-787	8.8
2018-06-20	CVE-2018-12599	Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. network low complexity debian canonical imagemagick CWE-787	8.8
2018-06-20	CVE-2018-1120	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found affecting the Linux kernel before version 4.17. network high complexity linux redhat debian canonical CWE-119	5.3
2018-06-19	CVE-2018-12293	Integer Overflow or Wraparound vulnerability in multiple products The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. network low complexity canonical webkitgtk wpewebkit CWE-190	8.8
2018-06-19	CVE-2018-10811	Missing Initialization of Resource vulnerability in multiple products strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. network low complexity strongswan debian canonical fedoraproject CWE-909	7.5
2018-06-19	CVE-2018-1061	python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. network low complexity python debian redhat canonical fedoraproject	7.5
2018-06-18	CVE-2018-1333	Resource Exhaustion vulnerability in multiple products By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. network low complexity apache redhat canonical netapp CWE-400	7.5
2018-06-18	CVE-2018-1152	Divide By Zero vulnerability in multiple products libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. network low complexity libjpeg-turbo canonical debian CWE-369	6.5