Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-19	CVE-2018-18521	Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. local low complexity elfutils-project debian redhat opensuse canonical CWE-369	5.5
2018-10-19	CVE-2018-18520	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. network low complexity elfutils-project debian canonical opensuse redhat CWE-119	6.5
2018-10-18	CVE-2018-12383	Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. local low complexity redhat debian canonical mozilla CWE-522	5.5
2018-10-18	CVE-2018-12374	Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. network low complexity mozilla redhat debian canonical CWE-200	4.3
2018-10-18	CVE-2018-12373	Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. network low complexity mozilla redhat debian canonical CWE-200	6.5
2018-10-18	CVE-2018-12372	Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. network low complexity mozilla redhat debian canonical CWE-200	6.5
2018-10-18	CVE-2018-12366	Out-of-bounds Read vulnerability in multiple products An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. network low complexity redhat debian canonical mozilla CWE-125	6.5
2018-10-18	CVE-2018-12365	Information Exposure vulnerability in multiple products A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. network low complexity redhat debian canonical mozilla CWE-200	6.5
2018-10-17	CVE-2018-3282	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). network low complexity oracle netapp canonical debian mariadb redhat	4.9
2018-10-17	CVE-2018-3214	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). network low complexity oracle redhat debian canonical hp	5.3