Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-16	CVE-2018-11212	Divide By Zero vulnerability in multiple products An issue was discovered in libjpeg 9a and 9d. network ijg debian canonical netapp oracle redhat opensuse CWE-369	4.3
2018-05-16	CVE-2018-8014	Insecure Default Initialization of Resource vulnerability in multiple products The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. network low complexity apache canonical debian netapp CWE-1188 critical	9.8
2018-05-15	CVE-2018-1087	kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. local low complexity linux canonical debian redhat	4.6
2018-05-12	CVE-2018-10999	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Exiv2 0.26. network exiv2 debian canonical CWE-125	4.3
2018-05-12	CVE-2018-10998	An issue was discovered in Exiv2 0.26. network low complexity exiv2 canonical debian redhat	6.5
2018-05-10	CVE-2018-10982	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. local low complexity xen debian	7.2
2018-05-10	CVE-2018-1118	Improper Initialization vulnerability in multiple products Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. local low complexity linux debian canonical redhat CWE-665	5.5
2018-05-10	CVE-2018-10981	Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. local low complexity debian xen CWE-835	4.9
2018-05-10	CVE-2017-18267	Infinite Loop vulnerability in multiple products The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. network freedesktop canonical redhat debian CWE-835	4.3
2018-05-10	CVE-2017-18266	Injection vulnerability in multiple products The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. network freedesktop debian canonical CWE-74	6.8