| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2019-6250 | 190 | | Exec Code Overflow | 2019-01-13 | 2019-01-24 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete |
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
| 2 | CVE-2018-1002200 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
| 3 | CVE-2018-1000878 | 416 | | | 2018-12-20 | 2019-01-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable via the victim must open a specially crafted RAR archive.
| 4 | CVE-2018-1000877 | 415 | | | 2018-12-20 | 2019-01-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appears to be exploitable via the victim must open a specially crafted RAR archive.
| 5 | CVE-2018-1000805 | 284 | | | 2018-10-08 | 2019-01-08 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
| 6 | CVE-2018-1000802 | 77 | | DoS | 2018-09-18 | 2018-12-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
| 7 | CVE-2018-1000801 | 22 | | Dir. Trav. | 2018-09-06 | 2018-11-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appears to be exploitable via the victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1.
| 8 | CVE-2018-1000671 | 601 | | XSS | 2018-09-06 | 2018-11-02 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action that can result in Open redirection and reflected XSS via data URIs. This attack appears to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.
| 9 | CVE-2018-1000637 | 119 | | DoS Exec Code Overflow | 2018-08-20 | 2018-11-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appears to be exploitable via the victim opening a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
| 10 | CVE-2018-1000632 | 91 | | | 2018-08-20 | 2019-01-16 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
| 11 | CVE-2018-1000550 | 22 | | Dir. Trav. | 2018-06-26 | 2018-09-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appears to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.
| 12 | CVE-2018-1000544 | 434 | | Dir. Trav. | 2018-06-26 | 2018-11-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appears to be exploitable via If a site allows uploading of .zip files, an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.
| 13 | CVE-2018-1000528 | 79 | | XSS | 2018-06-26 | 2018-08-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appears to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001.
| 14 | CVE-2018-1000517 | 119 | | Overflow | 2018-06-26 | 2018-08-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
| 15 | CVE-2018-1000301 | 119 | | DoS Overflow | 2018-05-24 | 2019-01-16 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
| 16 | CVE-2018-1000204 | 264 | | | 2018-06-26 | 2018-10-31 | 6.3 | None | Remote | Medium | Single system | Complete | None | None |
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit."
| 17 | CVE-2018-1000199 | 388 | | Exec Code Mem. Corr. | 2018-05-24 | 2018-06-27 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
| 18 | CVE-2018-1000180 | 310 | | | 2018-06-05 | 2019-01-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
| 19 | CVE-2018-1000179 | 476 | | DoS | 2018-05-08 | 2018-10-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
| 20 | CVE-2018-1000178 | 119 | | Exec Code Overflow | 2018-05-08 | 2018-10-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
| 21 | CVE-2018-1000164 | 93 | | | 2018-04-18 | 2018-05-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
| 22 | CVE-2018-1000156 | 20 | | Exec Code | 2018-04-06 | 2018-06-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.
| 23 | CVE-2018-1000140 | 119 | | Exec Code Overflow | 2018-03-23 | 2018-10-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
| 24 | CVE-2018-1000132 | 284 | | | 2018-03-14 | 2018-07-06 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
| 25 | CVE-2018-1000127 | 190 | | Overflow | 2018-03-13 | 2018-07-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appears to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.
| 26 | CVE-2018-1000122 | 119 | | DoS Overflow +Info | 2018-03-14 | 2019-01-16 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage.
| 27 | CVE-2018-1000121 | 476 | | DoS | 2018-03-14 | 2019-01-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service.
| 28 | CVE-2018-1000120 | 787 | | DoS Overflow | 2018-03-14 | 2019-01-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
| 29 | CVE-2018-1000116 | 119 | | Exec Code Overflow | 2018-03-07 | 2018-03-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
| 30 | CVE-2018-1000097 | 119 | | Exec Code Overflow | 2018-03-12 | 2018-04-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in the file unshar.c at line 75, function looks_like_c_code (failure to perform checking of the buffer containing input line) that could lead to code execution. This attack appears to be exploitable via the victim having to run the unshar command on a specially crafted file.
| 31 | CVE-2018-1000085 | 125 | | | 2018-03-13 | 2018-10-21 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
ClamAV version 0.99.3 contains an Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains. This attack appears to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.
| 32 | CVE-2018-1000078 | 79 | | XSS | 2018-03-13 | 2018-11-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.
| 33 | CVE-2018-1000077 | 20 | | | 2018-03-13 | 2018-11-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.
| 34 | CVE-2018-1000076 | 347 | | | 2018-03-13 | 2018-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures. This vulnerability appears to have been fixed in 2.7.6.
| 35 | CVE-2018-1000075 | 400 | | | 2018-03-13 | 2018-11-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop. This vulnerability appears to have been fixed in 2.7.6.
| 36 | CVE-2018-1000041 | 255 | | | 2018-02-09 | 2018-03-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appears to be exploitable via The victim must process a specially crafted SVG file containing a UNC path on Windows.
| 37 | CVE-2018-1000027 | 476 | | DoS | 2018-02-09 | 2018-03-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
| 38 | CVE-2018-1000024 | 19 | | DoS | 2018-02-09 | 2018-03-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later.
| 39 | CVE-2018-1000007 | 200 | | +Info | 2018-01-24 | 2018-11-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
| 40 | CVE-2018-1000005 | 125 | | | 2018-01-24 | 2018-03-20 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.
| 41 | CVE-2018-20622 | 399 | | | 2018-12-31 | 2019-01-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
| 42 | CVE-2018-20584 | 119 | | DoS Overflow | 2018-12-30 | 2019-01-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
| 43 | CVE-2018-20570 | 125 | | | 2018-12-28 | 2019-01-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
| 44 | CVE-2018-20549 | 190 | | | 2018-12-28 | 2019-01-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
| 45 | CVE-2018-20547 | 190 | | | 2018-12-28 | 2019-01-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
| 46 | CVE-2018-20546 | 190 | | | 2018-12-28 | 2019-01-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
| 47 | CVE-2018-20544 | 369 | | | 2018-12-28 | 2019-01-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
There is a floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.
| 48 | CVE-2018-20431 | 476 | | | 2018-12-24 | 2019-01-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
| 49 | CVE-2018-20430 | 125 | | | 2018-12-24 | 2019-01-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
| 50 | CVE-2018-20189 | 20 | | DoS | 2018-12-17 | 2019-01-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.