High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5146	Out-of-bounds Write vulnerability in multiple products An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. network low complexity redhat debian canonical mozilla CWE-787	8.8
2018-06-08	CVE-2018-12020	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. network low complexity redhat canonical debian gnupg CWE-706	7.5
2018-05-15	CVE-2018-1087	kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. local low complexity linux canonical debian redhat	7.8
2018-05-02	CVE-2018-10675	Use After Free vulnerability in multiple products The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. local low complexity linux redhat canonical CWE-416	7.8
2018-04-26	CVE-2018-10393	Out-of-bounds Read vulnerability in multiple products bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. network low complexity xiph-org debian redhat CWE-125	7.5
2018-04-26	CVE-2018-10392	Out-of-bounds Write vulnerability in multiple products mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. network low complexity xiph-org debian redhat CWE-787	8.8
2018-04-19	CVE-2018-2814	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). network high complexity oracle redhat debian canonical schneider-electric hp	8.3
2018-04-19	CVE-2018-2794	Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). local high complexity oracle redhat debian canonical hp schneider-electric	7.7
2018-04-19	CVE-2018-2755	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). local high complexity oracle debian canonical mariadb netapp redhat	7.7
2018-04-18	CVE-2018-10194	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. local low complexity artifex canonical debian redhat CWE-119	7.8