Security Vulnerabilities - CVEs Published In 2018
There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.
CVSS Score
6.5
EPSS Score
0.01
Published
2018-12-28
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
CVSS Score
8.8
EPSS Score
0.02
Published
2018-12-28
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
CVSS Score
8.1
EPSS Score
0.02
Published
2018-12-28
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
CVSS Score
8.1
EPSS Score
0.009
Published
2018-12-28
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-12-28
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-12-28
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-12-28
The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.
CVSS Score
7.5
EPSS Score
0.011
Published
2018-12-28
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-12-28
Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-12-28