Skip to main content
CVE-2018-19932 MEDIUM POC PATCH This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Binutils Vasa Provider
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-9517 MEDIUM PATCH This Month

In pppol2tp_connect, there is possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Use After Free Privilege Escalation Denial Of Service Google +2
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-5816 MEDIUM PATCH This Month

An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-5815 MEDIUM PATCH This Month

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Apple Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-5813 MEDIUM PATCH This Month

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libraw Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-5812 MEDIUM PATCH This Month

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-5811 MEDIUM PATCH This Month

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-5806 MEDIUM PATCH This Month

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libraw Enterprise Linux Desktop Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-5804 MEDIUM PATCH This Month

A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libraw
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-5801 MEDIUM PATCH This Month

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libraw Enterprise Linux Desktop Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-5800 MEDIUM PATCH This Month

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libraw Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-9519 MEDIUM This Month

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow Google Android
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2018-1663 MEDIUM PATCH This Month

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.0
5.9
EPSS
2.3%
CVE-2018-1896 MEDIUM PATCH This Month

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection IBM Connections
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-16861 MEDIUM PATCH This Month

A cross-site scripting (XSS) flaw was found in the foreman component of satellite. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

CSRF XSS RCE Foreman
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-19001 MEDIUM This Month

Philips HealthSuite Health Android App, all versions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Healthsuite Health
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy