CVE-2018-12108
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file.
Source: CVE-2018-12108
CVE-2018-12111
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI web interface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.
Source: CVE-2018-12111
CVE-2018-12109
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file.
Source: CVE-2018-12109
CVE-2018-12100
Sonatype Nexus Repository Manager before 3.12.0 has XSS in multiple areas in the Administration UI.
Source: CVE-2018-12100
CVE-2018-12099
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
Source: CVE-2018-12099
CVE-2018-12094
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Source: CVE-2018-12094
CVE-2018-12095
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.
Source: CVE-2018-12095
CVE-2018-12092
tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.
Source: CVE-2018-12092
CVE-2018-12093
tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.
Source: CVE-2018-12093
CVE-2018-10360
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Source: CVE-2018-10360