Search
Total
3632 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4350 | 1 Apple | 1 Mac Os X | 2019-04-05 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-12208 | 1 Intel | 3 Converged Security Management Engine Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware | 2019-04-04 | 4.6 MEDIUM | 7.6 HIGH |
| Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access. | |||||
| CVE-2018-4191 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4275 | 1 Apple | 1 Iphone Os | 2019-04-04 | 6.8 MEDIUM | 8.6 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1. | |||||
| CVE-2018-12214 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 7.2 HIGH | 8.2 HIGH |
| Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access. | |||||
| CVE-2018-4328 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4269 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-04 | 6.8 MEDIUM | 8.6 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-4316 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4323 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4145 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4. | |||||
| CVE-2018-4299 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4263 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-4264 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-4265 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-4267 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-4272 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2017-1000409 | 1 Gnu | 1 Glibc | 2019-04-04 | 6.9 MEDIUM | 7.0 HIGH |
| A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. | |||||
| CVE-2018-1000100 | 2 Canonical, Gpac Project | 2 Ubuntu Linux, Gpac | 2019-04-03 | 6.8 MEDIUM | 7.8 HIGH |
| GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE. | |||||
| CVE-2018-9128 | 1 Dvd-x-player | 1 Dvd X Player | 2019-04-03 | 6.8 MEDIUM | 7.8 HIGH |
| DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068. | |||||
| CVE-2018-11880 | 1 Qualcomm | 8 Sd 835, Sd 835 Firmware, Sd 845 and 5 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. | |||||
| CVE-2018-11874 | 1 Qualcomm | 8 Sd 835, Sd 835 Firmware, Sd 845 and 5 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. | |||||
| CVE-2018-11882 | 1 Qualcomm | 8 Sd 835, Sd 835 Firmware, Sd 845 and 5 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. | |||||
| CVE-2018-11871 | 1 Qualcomm | 98 Ipq4019, Ipq4019 Firmware, Ipq8064 and 95 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016. | |||||
| CVE-2018-11870 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20. | |||||
| CVE-2018-11876 | 1 Qualcomm | 8 Sd 835, Sd 835 Firmware, Sd 845 and 5 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. | |||||
| CVE-2018-11884 | 1 Qualcomm | 8 Sd 835, Sd 835 Firmware, Sd 845 and 5 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 | |||||
| CVE-2018-11875 | 1 Qualcomm | 4 Sd 845, Sd 845 Firmware, Sd 850 and 1 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Lack of check of buffer size before copying in a WLAN function can lead to a buffer overflow in Snapdragon Mobile in version SD 845, SD 850. | |||||
| CVE-2018-11877 | 1 Qualcomm | 8 Sd 835, Sd 835 Firmware, Sd 845 and 5 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. | |||||
| CVE-2018-15840 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2019-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | |||||
| CVE-2018-14745 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2019-04-01 | 5.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029. | |||||
| CVE-2019-8381 | 2 Appneta, Fedoraproject | 2 Tcpreplay, Fedora | 2019-03-30 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-10060 | 1 Verifone | 1 Verix Multi-app Conductor | 2019-03-28 | 6.8 MEDIUM | 8.1 HIGH |
| The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability. | |||||
| CVE-2017-11111 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-28 | 6.8 MEDIUM | 7.8 HIGH |
| In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2018-12233 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. | |||||
| CVE-2017-8594 | 1 Microsoft | 4 Internet Explorer, Windows 8.1, Windows Rt 8.1 and 1 more | 2019-03-26 | 7.6 HIGH | 7.5 HIGH |
| Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". | |||||
| CVE-2016-4447 | 8 Apple, Canonical, Debian and 5 more | 12 Iphone Os, Itunes, Mac Os X and 9 more | 2019-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | |||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Safari and 12 more | 2019-03-26 | 5.8 MEDIUM | 8.1 HIGH |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2019-9969 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. | |||||
| CVE-2019-9968 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. | |||||
| CVE-2019-9967 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. | |||||
| CVE-2019-9966 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. | |||||
| CVE-2019-9964 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | |||||
| CVE-2019-9962 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | |||||
| CVE-2019-9963 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | |||||
| CVE-2019-9965 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2019-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. | |||||
| CVE-2016-1740 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 9.3 HIGH | 7.8 HIGH |
| FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. | |||||
| CVE-2016-1817 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 9.3 HIGH | 7.8 HIGH |
| IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819. | |||||
| CVE-2016-1808 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 9.3 HIGH | 7.8 HIGH |
| The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-1755 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754. | |||||
| CVE-2016-1754 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-25 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755. | |||||