NVD

CVE-2018-5808

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Categories: NVD

CVE-2018-5809

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.

CVE-2018-5810

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2018-5811

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-5812

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5813

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

CVE-2018-5815

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

CVE-2018-5816

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via a specially crafted NOKIARAW file. (Note: this vulnerability is caused by an incomplete fix of CVE-2018-5804.)

CVE-2017-16909

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

CVE-2017-16910

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

CVE-2018-5800

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2018-5801

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5802

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-5804

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

CVE-2018-5805

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.

CVE-2018-5806

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5807

NVD Vulnerabilities - Fri, 12/07/2018 - 17:29
An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-7063

NVD Vulnerabilities - Fri, 12/07/2018 - 16:29
In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts.

CVE-2018-7065

NVD Vulnerabilities - Fri, 12/07/2018 - 16:29
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

CVE-2018-7066

NVD Vulnerabilities - Fri, 12/07/2018 - 16:29
An unauthenticated remote command execution vulnerability exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix.