Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15816 | 1 Faststone | 1 Image Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file.
|
|||||
| CVE-2018-15814 | 1 Faststone | 1 Image Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file.
|
|||||
| CVE-2018-15813 | 1 Faststone | 1 Image Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file.
|
|||||
| CVE-2018-15520 | 1 Lexmark | 68 Cx421, Cx421 Firmware, Cx522 and 65 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
|
|||||
| CVE-2018-15519 | 1 Lexmark | 64 6500, 6500 Firmware, Cx310 and 61 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Various Lexmark devices have a Buffer Overflow (issue 1 of 2).
|
|||||
| CVE-2018-15497 | 1 Mitel | 2 Mivoice 5330e, Mivoice 5330e Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution.
|
|||||
| CVE-2018-15354 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118.
|
|||||
| CVE-2018-15353 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.
|
|||||
| CVE-2018-15191 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field.
|
|||||
| CVE-2018-15188 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.
|
|||||
| CVE-2018-15176 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file.
|
|||||
| CVE-2018-15175 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.
|
|||||
| CVE-2018-15174 | 1 Xnview | 1 Xnview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file.
|
|||||
| CVE-2018-15172 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.
|
|||||
| CVE-2018-15128 | 1 Polycom | 3 Group Series, Hdx, Pano | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
|
|||||
| CVE-2018-15120 | 2 Canonical, Gnome | 2 Ubuntu Linux, Pango | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
|
|||||
| CVE-2018-14948 | 1 Sound Project | 1 Sound | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).
|
|||||
| CVE-2018-14947 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).
|
|||||
| CVE-2018-14946 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete).
|
|||||
| CVE-2018-14939 | 1 Libreoffice | 1 Libreoffice | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.
|
|||||
| CVE-2018-14856 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
|
|||||
| CVE-2018-14855 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
|
|||||
| CVE-2018-14854 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785.
|
|||||
| CVE-2018-14852 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
|
Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware.
|
|||||
| CVE-2018-14829 | 1 Rockwellautomation | 1 Rslinx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
|
|||||
| CVE-2018-14821 | 1 Rockwellautomation | 1 Rslinx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.
|
|||||
| CVE-2018-14802 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution.
|
|||||
| CVE-2018-14799 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2024-11-21 | 4.6 MEDIUM | 3.7 LOW |
|
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.
|
|||||
| CVE-2018-14794 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.
|
|||||
| CVE-2018-14793 | 1 Emerson | 1 Deltav | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.
|
|||||
| CVE-2018-14792 | 1 We-con | 1 Plc Editor | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
|
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
|
|||||
| CVE-2018-14779 | 1 Yubico | 3 Piv Manager, Piv Tool, Smart Card Minidriver | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whethe ...
Show More |
|||||
| CVE-2018-14749 | 1 Qnap | 1 Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.
|
|||||
| CVE-2018-14745 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.
|
|||||
| CVE-2018-14743 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.
|
|||||
| CVE-2018-14742 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.
|
|||||
| CVE-2018-14741 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.
|
|||||
| CVE-2018-14740 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.
|
|||||
| CVE-2018-14739 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.
|
|||||
| CVE-2018-14738 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.
|
|||||