Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-23	CVE-2018-18584	Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. network low complexity libmspack-project cabextract-project debian redhat canonical suse starwindsoftware CWE-787	6.5
2018-10-19	CVE-2018-18521	Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. local low complexity elfutils-project debian redhat opensuse canonical CWE-369	5.5
2018-10-19	CVE-2018-18520	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. network low complexity elfutils-project debian canonical opensuse redhat CWE-119	6.5
2018-10-18	CVE-2018-12383	Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. local low complexity redhat debian canonical mozilla CWE-522	5.5
2018-10-18	CVE-2018-12374	Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. network low complexity mozilla redhat debian canonical CWE-200	4.3
2018-10-18	CVE-2018-12373	Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. network low complexity mozilla redhat debian canonical CWE-200	6.5
2018-10-18	CVE-2018-12372	Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. network low complexity mozilla redhat debian canonical CWE-200	6.5
2018-10-18	CVE-2018-12367	Improper Input Validation vulnerability in multiple products In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. network low complexity debian canonical mozilla CWE-20	4.3
2018-10-18	CVE-2018-12366	Out-of-bounds Read vulnerability in multiple products An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. network low complexity redhat debian canonical mozilla CWE-125	6.5
2018-10-18	CVE-2018-12365	Information Exposure vulnerability in multiple products A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. network low complexity redhat debian canonical mozilla CWE-200	6.5