Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7587 | 1 Cimg | 1 Cimg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
|
|||||
| CVE-2018-7584 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
|
|||||
| CVE-2018-7573 | 1 Ftpshell | 1 Ftpshell Client | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
|
|||||
| CVE-2018-7566 | 6 Canonical, Debian, Linux and 3 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
|
|||||
| CVE-2018-7552 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
|
|||||
| CVE-2018-7546 | 1 Kingsoft | 2 Jinshan Pdf, Wps Office | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.
|
|||||
| CVE-2018-7527 | 1 We-con | 3 Levistudio Hmi Editor, Levistudiou, Pi Studio Hmi Project Programmer | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
|
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
|
|||||
| CVE-2018-7522 | 1 Schneider-electric | 2 Triconex Tricon Mp 3008, Triconex Tricon Mp 3008 Firmware | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.
|
|||||
| CVE-2018-7511 | 1 Eaton | 1 Elcsoft | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
|
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.
|
|||||
| CVE-2018-7507 | 1 Deltaww | 1 Wplsoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
|
|||||
| CVE-2018-7494 | 1 Deltaww | 1 Wplsoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
|
|||||
| CVE-2018-7485 | 1 Unixodbc | 1 Unixodbc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
|
|||||
| CVE-2018-7470 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
|
|||||
| CVE-2018-7409 | 1 Unixodbc | 1 Unixodbc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
|
|||||
| CVE-2018-7339 | 1 Mp4v2 Project | 1 Mp4v2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.
|
|||||
| CVE-2018-7284 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
|
|||||
| CVE-2018-7247 | 1 Leptonica | 1 Leptonica | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact.
|
|||||
| CVE-2018-7167 | 1 Nodejs | 1 Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.
|
|||||
| CVE-2018-7116 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
|
|||||
| CVE-2018-7115 | 2 Hp, Microsoft | 2 Intelligent Management Center, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
|
|||||
| CVE-2018-7114 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
|
|||||
| CVE-2018-7039 | 1 Ccn-lite | 1 Ccn-lite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information.
|
|||||
| CVE-2018-6953 | 1 Ccn-lite | 1 Ccn-lite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses.
|
|||||
| CVE-2018-6948 | 1 Ccn-lite | 1 Ccn-lite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g., the "NFN" and "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed.
|
|||||
| CVE-2018-6892 | 1 Cloudme | 1 Sync | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
|
|||||
| CVE-2018-6876 | 2 Imagemagick, Libfpx Project | 2 Imagemagick, Libfpx | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image.
|
|||||
| CVE-2018-6857 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This ...
Show More |
|||||
| CVE-2018-6856 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself ...
Show More |
|||||
| CVE-2018-6855 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. ...
Show More |
|||||
| CVE-2018-6854 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000 ...
Show More |
|||||
| CVE-2018-6853 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself ...
Show More |
|||||
| CVE-2018-6852 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the securit ...
Show More |
|||||
| CVE-2018-6851 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itse ...
Show More |
|||||
| CVE-2018-6799 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
|
|||||
| CVE-2018-6537 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.
|
|||||
| CVE-2018-6481 | 1 Flexense | 1 Disksavvy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.
|
|||||
| CVE-2018-6414 | 1 Hikvision | 1 Ip Cameras | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process.
|
|||||
| CVE-2018-6413 | 1 Hikvision | 2 Ds-2cd9111-s, Ds-2cd9111-s Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request.
|
|||||
| CVE-2018-6390 | 1 Wps | 1 Wps Office | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an _copy call, which allows remote attackers to cause a denial of service (access violation and application crash) via a crafted (a) web page, (b) office document, or (c) .rtf file.
|
|||||
| CVE-2018-6297 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Buffer overflow in Hanwha Techwin Smartcams
|
|||||