Security Vulnerabilities - CVEs Published In September 2018
Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.074
Published
2018-09-20
SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute().
CVSS Score
9.8
EPSS Score
0.004
Published
2018-09-20
A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-09-20
Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-09-20
The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-09-20
The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-09-20
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-09-20
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-09-19
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-09-19
Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary
CVSS Score
7.5
EPSS Score
0.003
Published
2018-09-19