CVE-2018-9070
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.
Source: CVE-2018-9070
CVE-2018-9067
The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.
Source: CVE-2018-9067
CVE-2018-14044
The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
Source: CVE-2018-14044
CVE-2018-14046
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
Source: CVE-2018-14046
CVE-2018-14045
The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
Source: CVE-2018-14045
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Source: CVE-2018-14041
CVE-2018-14043
mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data.
Source: CVE-2018-14043
CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Source: CVE-2018-14040
CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Source: CVE-2018-14042
CVE-2018-6969
VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.
Source: CVE-2018-6969