Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-09	CVE-2018-1053	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. local high complexity postgresql debian canonical redhat CWE-732	7.0
2018-02-09	CVE-2018-6871	LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. network low complexity libreoffice debian canonical redhat critical	9.8
2018-02-09	CVE-2018-6869	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. network low complexity zziplib-project debian canonical CWE-770	6.5
2018-02-09	CVE-2016-10712	Improper Input Validation vulnerability in multiple products In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). network low complexity php canonical CWE-20	7.5
2018-02-08	CVE-2018-6789	Classic Buffer Overflow vulnerability in multiple products An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. network low complexity exim debian canonical CWE-120 critical	9.8
2018-02-08	CVE-2018-1000030	Use After Free vulnerability in multiple products Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. local high complexity python canonical CWE-416	3.6
2018-02-06	CVE-2018-6767	Out-of-bounds Read vulnerability in multiple products A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. local low complexity wavpack debian canonical CWE-125	7.8
2018-02-05	CVE-2018-6188	Information Exposure vulnerability in multiple products django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. network low complexity djangoproject canonical CWE-200	7.5
2018-02-04	CVE-2018-6616	Resource Exhaustion vulnerability in multiple products In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. local low complexity uclouvain debian canonical oracle CWE-400	5.5
2018-02-03	CVE-2018-6594	Inadequate Encryption Strength vulnerability in multiple products lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). network low complexity dlitz debian canonical CWE-326	7.5