CVE-2018-5207

CVE: CVE-2018-5207
Published: 2018-01-06T16:29Z
Vendor: irssi
Products: irssi
Versions: 0.7.16, 0.7.17, 0.7.18, 0.7.19, 0.7.20, 0.7.20.1, 0.7.21, 0.7.22, 0.7.23, 0.7.24, 0.7.25, 0.7.26, 0.7.27, 0.7.28, 0.7.90, 0.7.91, 0.7.92, 0.7.93, 0.7.94, 0.7.95, 0.7.96, 0.7.97, 0.7.98, 0.7.98.2, 0.7.98.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 0.8.15, 0.8.16, 0.8.17, 0.8.18, 0.8.19, 0.8.20, 0.8.21, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5,
Description Language: en
Description: When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
References:
https://irssi.org/security/irssi_sa_2018_01.txt

CVE-2018-5206

CVE: CVE-2018-5206
Published: 2018-01-06T16:29Z
Vendor: irssi
Products: irssi
Versions: 0.7.16, 0.7.17, 0.7.18, 0.7.19, 0.7.20, 0.7.20.1, 0.7.21, 0.7.22, 0.7.23, 0.7.24, 0.7.25, 0.7.26, 0.7.27, 0.7.28, 0.7.90, 0.7.91, 0.7.92, 0.7.93, 0.7.94, 0.7.95, 0.7.96, 0.7.97, 0.7.98, 0.7.98.2, 0.7.98.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 0.8.15, 0.8.16, 0.8.17, 0.8.18, 0.8.19, 0.8.20, 0.8.21, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5,
Description Language: en
Description: When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
References:
https://irssi.org/security/irssi_sa_2018_01.txt

CVE-2018-5205

CVE: CVE-2018-5205
Published: 2018-01-06T16:29Z
Vendor: irssi
Products: irssi
Versions: 0.7.16, 0.7.17, 0.7.18, 0.7.19, 0.7.20, 0.7.20.1, 0.7.21, 0.7.22, 0.7.23, 0.7.24, 0.7.25, 0.7.26, 0.7.27, 0.7.28, 0.7.90, 0.7.91, 0.7.92, 0.7.93, 0.7.94, 0.7.95, 0.7.96, 0.7.97, 0.7.98, 0.7.98.2, 0.7.98.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 0.8.15, 0.8.16, 0.8.17, 0.8.18, 0.8.19, 0.8.20, 0.8.21, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5,
Description Language: en
Description: When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
References:
https://irssi.org/security/irssi_sa_2018_01.txt

CVE-2018-5253

CVE: CVE-2018-5253
Published: 2018-01-05T21:29Z
Vendor: axiosys
Products: bento4
Versions: 1.5.1.0,
Description Language: en
Description: The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.
References:
https://github.com/axiomatic-systems/Bento4/issues/233

CVE-2018-5252

CVE: CVE-2018-5252
Published: 2018-01-05T21:29Z
Vendor: imageworsener_project
Products: imageworsener
Versions: 1.3.2,
Description Language: en
Description: libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.
References:
https://github.com/jsummers/imageworsener/issues/34

CVE-2018-5251

CVE: CVE-2018-5251
Published: 2018-01-05T20:29Z
Vendor: libming
Products: libming
Versions: 0.4.8,
Description Language: en
Description: In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.
References:
https://github.com/libming/libming/issues/97

CVE-2018-5249

CVE: CVE-2018-5249
Published: 2018-01-05T20:29Z
Vendor: shaarli_project
Products: shaarli
Versions: 0.0.40, 0.0.41, 0.0.42, 0.0.43, 0.0.44, 0.0.45, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.7.0, 0.7.1, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.9.0, 0.9.1, 0.9.2,
Description Language: en
Description: Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form’s username field (aka the login parameter to the ban_canLogin function in index.php).
References:
https://github.com/shaarli/Shaarli/pull/1046
https://github.com/shaarli/Shaarli/releases/tag/v0.8.5
https://github.com/shaarli/Shaarli/releases/tag/v0.9.3

CVE-2018-5248

CVE: CVE-2018-5248
Published: 2018-01-05T19:29Z
Vendor: imagemagick
Products: imagemagick
Versions: 7.0.7-17,
Description Language: en
Description: In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
References:
http://www.securityfocus.com/bid/102431
https://github.com/ImageMagick/ImageMagick/issues/927

CVE-2018-5247

CVE: CVE-2018-5247
Published: 2018-01-05T19:29Z
Vendor: imagemagick
Products: imagemagick
Versions: 7.0.7-17,
Description Language: en
Description: In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
References:
https://github.com/ImageMagick/ImageMagick/issues/928

CVE-2018-5246

CVE: CVE-2018-5246
Published: 2018-01-05T19:29Z
Vendor: imagemagick
Products: imagemagick
Versions: 7.0.7-17,
Description Language: en
Description: In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
References:
http://www.securityfocus.com/bid/102469
https://github.com/ImageMagick/ImageMagick/issues/929

CVE-2018-5244

CVE: CVE-2018-5244
Published: 2018-01-05T18:29Z
Description Language: en
Description: In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn’t freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.
References:
http://www.securityfocus.com/bid/102433
https://xenbits.xen.org/xsa/advisory-253.html

CVE-2018-5220

CVE: CVE-2018-5220
Published: 2018-01-04T19:29Z
Vendor: k7computing
Products: antivirus
Versions: 15.1.0306,
Description Language: en
Description: In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.
References:
https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_95002610

CVE-2018-5219

CVE: CVE-2018-5219
Published: 2018-01-04T19:29Z
Vendor: k7computing
Products: antivirus
Versions: 15.1.0306,
Description Language: en
Description: In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.
References:
https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_83002168

CVE-2018-5218

CVE: CVE-2018-5218
Published: 2018-01-04T19:29Z
Vendor: k7computing
Products: antivirus
Versions: 15.1.0306,
Description Language: en
Description: In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.
References:
https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_950025b0

CVE-2018-5217

CVE: CVE-2018-5217
Published: 2018-01-04T19:29Z
Vendor: k7computing
Products: antivirus
Versions: 15.1.0306,
Description Language: en
Description: In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.
References:
https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_95002578

CVE-2018-5216

CVE: CVE-2018-5216
Published: 2018-01-04T19:29Z
Vendor: radiantcms
Products: radiant_cms
Versions: 1.1.4,
Description Language: en
Description: Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.
References:
https://github.com/imsebao/404team/blob/master/radiantcms.md

CVE-2018-5215

CVE: CVE-2018-5215
Published: 2018-01-04T19:29Z
Vendor: fork-cms
Products: fork_cms
Versions: 5.0.7,
Description Language: en
Description: Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
References:
https://github.com/imsebao/404team/blob/master/forkcms.md

CVE-2018-5214

CVE: CVE-2018-5214
Published: 2018-01-04T18:29Z
Vendor: add_link_to_facebook_project
Products: add_link_to_facebook
Versions: 2.3,
Description Language: en
Description: The “Add Link to Facebook” plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md
https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook/

CVE-2018-5213

CVE: CVE-2018-5213
Published: 2018-01-04T18:29Z
Vendor: simple_download_monitor_project
Products: simple_download_monitor
Versions: 3.5.4,
Description Language: en
Description: The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
References:
https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805
https://github.com/Arsenal21/simple-download-monitor/issues/27
https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md
https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/

CVE-2018-5212

CVE: CVE-2018-5212
Published: 2018-01-04T18:29Z
Vendor: simple_download_monitor_project
Products: simple_download_monitor
Versions: 3.5.4,
Description Language: en
Description: The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
References:
https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805
https://github.com/Arsenal21/simple-download-monitor/issues/27
https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md
https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/