Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-08 | CVE-2018-5269 | Reachable Assertion vulnerability in multiple products In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. | 5.5 |
| 2018-01-08 | CVE-2018-5268 | Out-of-bounds Write vulnerability in multiple products In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. | 5.5 |
| 2018-01-08 | CVE-2018-3815 | Improper Authentication vulnerability in Stalker Communigate PRO 6.2 The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. | 5.7 |
| 2018-01-08 | CVE-2018-5071 | Cross-site Scripting vulnerability in Cobham SEA TEL 116 Firmware 222429 Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. | 5.4 |
| 2018-01-05 | CVE-2018-5252 | Excessive Iteration vulnerability in Entropymine Imageworsener 1.3.2 libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c. | 5.3 |
| 2018-01-05 | CVE-2018-5251 | Incorrect Conversion between Numeric Types vulnerability in multiple products In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). | 6.5 |
| 2018-01-05 | CVE-2018-5249 | Cross-site Scripting vulnerability in Shaarli Project Shaarli Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | 6.1 |
| 2018-01-05 | CVE-2018-5247 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. | 6.5 |
| 2018-01-05 | CVE-2018-5246 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. | 6.5 |
| 2018-01-05 | CVE-2017-18022 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. | 6.5 |