Total: 1326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20177 | 1 Rdesktop | 1 Rdesktop | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | |||||
| CVE-2018-20056 | 1 D-link | 4 Dir-605l, Dir-605l Firmware, Dir-619l and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. | |||||
| CVE-2018-19716 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-19185 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | |||||
| CVE-2018-19115 | 3 Debian, Keepalived, Redhat | 7 Debian Linux, Keepalived, Enterprise Linux Server and 4 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. | |||||
| CVE-2018-19082 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. | |||||
| CVE-2018-18957 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | |||||
| CVE-2018-18912 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. | |||||
| CVE-2018-18834 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | |||||
| CVE-2018-12785 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-18498 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-17334 | 1 Libsvg2 Project | 1 Libsvg2 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated. | |||||
| CVE-2018-17333 | 1 Libsvg2 Project | 1 Libsvg2 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused. | |||||
| CVE-2018-17174 | 1 Nmealib Project | 1 Nmealib | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data. | |||||
| CVE-2018-17141 | 2 Debian, Hylafax | 3 Debian Linux, Hylafax, Hylafax\+ | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file. | |||||
| CVE-2018-17160 | 1 Freebsd | 1 Freebsd | 2020-08-24 | 10.0 HIGH | 10.0 CRITICAL |
| In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root. | |||||
| CVE-2018-17067 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address. | |||||
| CVE-2018-17065 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. | |||||
| CVE-2018-16717 | 1 Nih | 1 Ncbi Toolbox | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. | |||||
| CVE-2018-16530 | 1 Forcepoint | 1 Email Security | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation. | |||||
| CVE-2018-12798 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-12813 | 1 Adobe | 1 Digital Editions | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-14551 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. | |||||
| CVE-2018-14496 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other effect on its performance. | |||||
| CVE-2018-13924 | 1 Qualcomm | 112 Ipq8074, Ipq8074 Firmware, Mdm9150 and 109 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of check to prevent the buffer length taking negative values can lead to stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA6174A, QCA8081, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-13876 | 1 Hdfgroup | 1 Hdf5 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread. | |||||
| CVE-2018-13874 | 1 Hdfgroup | 1 Hdf5 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset. | |||||
| CVE-2018-13872 | 1 Hdfgroup | 1 Hdf5 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c. | |||||
| CVE-2018-13871 | 1 Hdfgroup | 1 Hdf5 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c. | |||||
| CVE-2018-12814 | 1 Adobe | 1 Digital Editions | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12823 | 1 Adobe | 1 Digital Editions | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12932 | 1 Winehq | 1 Wine | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value. | |||||
| CVE-2019-2007 | 1 Google | 1 Android | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9. Android ID: A-120789744 | |||||
| CVE-2019-19307 | 1 Cesanta | 1 Mongoose | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet. | |||||
| CVE-2019-18801 | 1 Envoyproxy | 1 Envoy | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially. | |||||
| CVE-2019-17601 | 1 Minishare Project | 1 Minishare | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued. | |||||
| CVE-2019-17212 | 1 Mbed | 1 Mbed | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated. | |||||
| CVE-2019-15938 | 1 Pengutronix | 1 Barebox | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. | |||||
| CVE-2019-15937 | 1 Pengutronix | 1 Barebox | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | |||||
| CVE-2019-15554 | 1 Servo | 1 Smallvec | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity. | |||||
| CVE-2019-15543 | 1 Slice-deque Project | 1 Slice-deque | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases. | |||||
| CVE-2019-1580 | 1 Paloaltonetworks | 1 Pan-os | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory. | |||||
| CVE-2019-14431 | 1 Matrixssl | 1 Matrixssl | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. | |||||
| CVE-2019-14363 | 1 Netgear | 2 Wndr3400v3, Wndr3400v3 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. | |||||
| CVE-2019-14310 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way the embedded device parsed the IPP packets. | |||||
| CVE-2019-14209 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm. | |||||
| CVE-2019-14204 | 1 Denx | 1 U-boot | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. | |||||
| CVE-2019-14203 | 1 Denx | 1 U-boot | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. | |||||
| CVE-2019-14202 | 1 Denx | 1 U-boot | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. | |||||
