Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-28	CVE-2018-12928	NULL Pointer Dereference vulnerability in multiple products In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. local low complexity linux canonical CWE-476	5.5
2018-06-27	CVE-2018-12904	In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. local high complexity linux canonical	4.9
2018-06-26	CVE-2018-1000204	Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. network high complexity linux debian canonical	5.3
2018-06-21	CVE-2018-3665	Information Exposure vulnerability in multiple products System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. local high complexity intel citrix freebsd redhat debian canonical CWE-200	5.6
2018-06-20	CVE-2018-1120	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found affecting the Linux kernel before version 4.17. network high complexity linux redhat debian canonical CWE-119	5.3
2018-06-18	CVE-2018-1152	Divide By Zero vulnerability in multiple products libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. network low complexity libjpeg-turbo canonical debian CWE-369	6.5
2018-06-13	CVE-2018-0495	Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. local high complexity gnupg canonical debian redhat oracle CWE-203	4.7
2018-06-11	CVE-2018-5185	Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. network low complexity redhat debian canonical mozilla CWE-311	6.5
2018-06-11	CVE-2018-5176	Improper Input Validation vulnerability in multiple products The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. network low complexity canonical mozilla CWE-20	6.1
2018-06-11	CVE-2018-5175	Cross-site Scripting vulnerability in multiple products A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". network low complexity canonical mozilla CWE-79	6.1