Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-11	CVE-2018-5185	Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. network low complexity redhat debian canonical mozilla CWE-311	6.5
2018-06-11	CVE-2018-5170	Improper Input Validation vulnerability in multiple products It is possible to spoof the filename of an attachment and display an arbitrary attachment name. network low complexity redhat mozilla debian canonical CWE-20	4.3
2018-06-11	CVE-2018-5168	Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. network low complexity debian mozilla canonical redhat	5.3
2018-06-11	CVE-2018-5161	Improper Input Validation vulnerability in multiple products Crafted message headers can cause a Thunderbird process to hang on receiving the message. network low complexity redhat debian canonical mozilla CWE-20	4.3
2018-05-24	CVE-2018-1000199	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. local low complexity debian linux canonical redhat CWE-119	5.5
2018-05-22	CVE-2018-3639	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. local low complexity intel arm redhat debian canonical siemens oracle mitel sonicwall schneider-electric nvidia microsoft CWE-203	5.5
2018-04-23	CVE-2018-1106	Improper Authentication vulnerability in multiple products An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. local low complexity packagekit-project redhat canonical debian CWE-287	5.5
2018-04-19	CVE-2018-2819	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). network low complexity oracle mariadb canonical debian redhat netapp	6.5
2018-04-19	CVE-2018-2817	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). network low complexity oracle canonical debian redhat mariadb netapp	6.5
2018-04-19	CVE-2018-2815	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). network low complexity oracle redhat debian canonical schneider-electric hp	5.3