Security Vulnerabilities - CVEs Published In June 2018
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-06-15
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap."
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2018-06-15
The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-06-15
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVSS Score: 6.5 | EPSS Score: 0.01 | Published: 2018-06-15
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2018-06-15
libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2018-06-15
A stack-based buffer overflow can occur in fastboot from all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2018-06-15
In the WCD CPE codec, a Use After Free condition can occur in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2018-06-15
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2018-06-15
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
CVSS Score: 3.7 | EPSS Score: 0.009 | Published: 2018-06-15

