10.12.6

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-03	CVE-2018-14464	Out-of-bounds Read vulnerability in multiple products The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). network low complexity tcpdump redhat debian opensuse fedoraproject apple CWE-125	7.5
2019-10-03	CVE-2018-14463	Out-of-bounds Read vulnerability in multiple products The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. network low complexity tcpdump redhat debian opensuse fedoraproject f5 apple CWE-125	7.5
2019-10-03	CVE-2018-14462	Out-of-bounds Read vulnerability in multiple products The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). network low complexity tcpdump redhat debian opensuse fedoraproject f5 apple CWE-125	7.5
2019-10-03	CVE-2018-14461	Out-of-bounds Read vulnerability in multiple products The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). network low complexity tcpdump redhat debian opensuse fedoraproject apple CWE-125	7.5
2019-08-14	CVE-2019-9506	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. low complexity google apple canonical debian opensuse redhat huawei CWE-327	4.8
2019-08-09	CVE-2019-11042	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical apple opensuse redhat tenable CWE-125	7.1
2019-08-09	CVE-2019-11041	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical apple opensuse redhat tenable CWE-125	7.1
2019-07-01	CVE-2019-13118	Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. network low complexity xmlsoft opensuse netapp oracle fedoraproject canonical apple CWE-843	5.3
2019-04-03	CVE-2018-4470	Unspecified vulnerability in Apple mac OS X A privacy issue in the handling of Open Directory records was addressed with improved indexing. network apple	4.3
2019-04-03	CVE-2018-4465	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X A memory corruption issue was addressed with improved memory handling. network apple CWE-119 critical	9.3