Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-26	CVE-2018-15688	Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. low complexity systemd-project debian canonical redhat CWE-120	5.8
2018-10-23	CVE-2018-18585	NULL Pointer Dereference vulnerability in multiple products chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name). network low complexity kyzer debian redhat canonical suse starwindsoftware CWE-476	4.3
2018-10-23	CVE-2018-18584	Out-of-bounds Write vulnerability in multiple products In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. network low complexity libmspack-project cabextract-project debian redhat canonical suse starwindsoftware CWE-787	6.5
2018-10-22	CVE-2018-18557	Out-of-bounds Write vulnerability in multiple products LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. network libtiff debian canonical CWE-787	6.8
2018-10-19	CVE-2018-18521	Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. network elfutils-project debian redhat opensuse canonical CWE-369	4.3
2018-10-19	CVE-2018-18520	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. network elfutils-project debian canonical opensuse redhat CWE-119	4.3
2018-10-18	CVE-2018-12387	Improper Input Validation vulnerability in multiple products A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. network low complexity redhat debian canonical mozilla CWE-20	6.4
2018-10-18	CVE-2018-12386	Incorrect Type Conversion or Cast vulnerability in multiple products A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. network redhat debian canonical mozilla CWE-704	5.8
2018-10-18	CVE-2018-12385	Improper Input Validation vulnerability in multiple products A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. local redhat debian canonical mozilla CWE-20	4.4
2018-10-18	CVE-2018-12375	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61. network mozilla canonical CWE-119	6.8