CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Med. | Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read | 25.04.2017 | Matt Bergin |
| Med. | SAP MII 15.0 Directory Traversal | 17.05.2016 | Dmitry Chastuhin |
| Med. | Infoware MapSuite Path Traversal | 04.06.2014 | Christian |


CVEMAP Search Results

CVE
Details
Description
2018-07-27
Medium
CVE-2017-2616

Vendor: Util-linux project
Software: Util-linux
 

 
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

 
2018-07-19
Medium
CVE-2018-14423

Vendor: Openjpeg project
Software: Openjpeg
 

 
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

 
Low
CVE-2018-14395

Vendor: Ffmpeg
Software: Ffmpeg
 

 
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format.

 
Low
CVE-2018-14394

Vendor: Ffmpeg
Software: Ffmpeg
 

 
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.

 
2018-07-09
Low
CVE-2018-13785

Vendor: Libpng
Software: Libpng
 

 
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

 
Low
CVE-2017-16890

Vendor: Swftools
Software: Swftools
 

 
SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.

 
2018-07-05
Low
CVE-2018-12691

Vendor: Onosproject
Software: ONOS
 

 
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

 
2018-07-03
Low
CVE-2018-13097

Vendor: Linux
Software: Linux kernel
 

 
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).

 
Low
CVE-2018-13100

Vendor: Linux
Software: Linux kernel
 

 
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.

 
2018-06-27
Medium
CVE-2018-8025

Vendor: Apache
Software: Hbase
 

 
CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.

 

 


Copyright 2018, cxsecurity.com

 
