CVE-2018-16097
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
Source: CVE-2018-16097
CVE-2018-0716
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.
Source: CVE-2018-0716
CVE-2018-16093
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
Source: CVE-2018-16093
CVE-2018-9072
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
Source: CVE-2018-9072
CVE-2018-14637
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
Source: CVE-2018-14637
CVE-2018-19777
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
Source: CVE-2018-19777
CVE-2018-19761
There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.
Source: CVE-2018-19761
CVE-2018-19762
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
Source: CVE-2018-19762
CVE-2018-19755
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
Source: CVE-2018-19755