Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-16	CVE-2018-11212	Divide By Zero vulnerability in multiple products An issue was discovered in libjpeg 9a and 9d. network low complexity ijg debian canonical netapp oracle redhat opensuse CWE-369	6.5
2018-05-16	CVE-2018-8014	Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. network low complexity apache canonical debian netapp CWE-1188 critical	9.8
2018-05-15	CVE-2018-1087	kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. local low complexity linux canonical debian redhat	7.8
2018-05-12	CVE-2018-10999	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Exiv2 0.26. network low complexity exiv2 debian canonical CWE-125	6.5
2018-05-12	CVE-2018-10998	An issue was discovered in Exiv2 0.26. network low complexity exiv2 canonical debian redhat	6.5
2018-05-10	CVE-2018-1118	Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. local low complexity linux debian canonical redhat	5.5
2018-05-10	CVE-2017-18267	Infinite Loop vulnerability in multiple products The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. local low complexity freedesktop canonical redhat debian CWE-835	5.5
2018-05-10	CVE-2017-18266	Injection vulnerability in multiple products The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. network low complexity freedesktop debian canonical CWE-74	8.8
2018-05-10	CVE-2018-1130	NULL Pointer Dereference vulnerability in multiple products Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. local low complexity linux debian canonical redhat CWE-476	5.5
2018-05-10	CVE-2018-10963	Reachable Assertion vulnerability in multiple products The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. network low complexity libtiff debian canonical CWE-617	6.5