High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2017-5378	Information Exposure vulnerability in multiple products Hashed codes of JavaScript objects are shared between pages. network low complexity debian redhat mozilla CWE-200	7.5
2018-06-11	CVE-2016-9902	Origin Validation Error vulnerability in multiple products The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. network low complexity redhat mozilla CWE-346	7.5
2018-06-11	CVE-2016-9900	7PK - Security Features vulnerability in multiple products External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. network low complexity debian redhat mozilla CWE-254	7.5
2018-06-11	CVE-2016-9079	Use After Free vulnerability in multiple products A use-after-free vulnerability in SVG Animation has been discovered. network low complexity debian redhat mozilla torproject CWE-416	7.5
2018-06-08	CVE-2018-12020	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. network low complexity redhat canonical debian gnupg CWE-706	7.5
2018-05-15	CVE-2018-1087	kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. local low complexity linux canonical debian redhat	7.8
2018-05-02	CVE-2018-10675	Use After Free vulnerability in multiple products The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. local low complexity linux redhat canonical CWE-416	7.8
2018-04-26	CVE-2018-10393	Out-of-bounds Read vulnerability in multiple products bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. network low complexity xiph-org debian redhat CWE-125	7.5
2018-04-26	CVE-2018-10392	Out-of-bounds Write vulnerability in multiple products mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. network low complexity xiph-org debian redhat CWE-787	8.8
2018-04-19	CVE-2018-2814	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). network high complexity oracle redhat debian canonical schneider-electric hp	8.3