CVE-2018-5685
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
Source: CVE-2018-5685
CVE-2018-5684
In Libav 12.1, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
Source: CVE-2018-5684
CVE-2018-5687
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.
Source: CVE-2018-5687
CVE-2018-5686
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
Source: CVE-2018-5686
CVE-2018-5360
LibTIFF 4.0.9 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
Source: CVE-2018-5360
CVE-2018-0486
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Source: CVE-2018-0486
CVE-2018-5682
PrestaShop 1.7.2.4 allow user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.
Source: CVE-2018-5682
CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.
Source: CVE-2018-5681
CVE-2018-5673
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
Source: CVE-2018-5673
CVE-2018-5672
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.
Source: CVE-2018-5672