Recent vulnerabilities and exploits

NA
CVE-2018-14038

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7642. Reason: This candidate is a reservation duplicate of CVE-2018-7642. Notes: All CVE users should reference CVE-2018-7642 instead of this candidate. All references and descriptions in this candidate have...

4.3
CVSSv2
CVE-2018-17360

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be...

GnuBinutils
4.3
CVSSv2
CVE-2018-17359

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a...

GnuBinutils
4.3
CVSSv2
CVE-2018-17358

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service...

GnuBinutils
4.6
CVSSv2
CVE-2018-1000876

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This...

GnuBinutils
7.5
CVSSv2
CVE-2015-2059

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read....

GnuLibidnFedoraprojectFedoraOpensuse
7.5
CVSSv2
CVE-2019-8457

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables....

Sqlite
6.8
CVSSv2
CVE-2019-5827

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

5
CVSSv2
CVE-2018-16429

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()....

GnomeGlibCanonicalUbuntu Linux
7.5
CVSSv2
CVE-2018-16428

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference....

GnomeGlibCanonicalUbuntu Linux