Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-08	CVE-2018-5268	Out-of-bounds Write vulnerability in multiple products In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. local low complexity opencv debian CWE-787	5.5
2018-01-05	CVE-2018-5251	Incorrect Conversion between Numeric Types vulnerability in multiple products In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). network low complexity libming debian CWE-681	6.5
2018-01-04	CVE-2017-1665	Inadequate Encryption Strength vulnerability in multiple products IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. network high complexity ibm debian CWE-326	5.9
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local high complexity intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	5.6
2018-01-04	CVE-2017-5715	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local high complexity intel arm canonical netapp siemens debian oracle CWE-203	5.6
2018-01-03	CVE-2017-1000472	Path Traversal vulnerability in multiple products The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". network low complexity pocoproject debian CWE-22	6.5
2018-01-03	CVE-2017-1000476	Resource Exhaustion vulnerability in multiple products ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. network low complexity imagemagick debian canonical CWE-400	6.5
2018-01-02	CVE-2017-1000445	NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service network low complexity imagemagick debian canonical CWE-476	6.5
2017-12-31	CVE-2017-18005	NULL Pointer Dereference vulnerability in multiple products Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. local low complexity exiv2 debian CWE-476	5.5
2017-12-29	CVE-2017-17760	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. network low complexity opencv debian CWE-119	6.5