Search
Total
1243 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11865 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2018-12-07 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow may happen when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. | |||||
| CVE-2018-11866 | 1 Qualcomm | 50 Ipq8074, Ipq8074 Firmware, Mdm9206 and 47 more | 2018-12-07 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. | |||||
| CVE-2018-12361 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-12-06 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. | |||||
| CVE-2018-12362 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2018-12-03 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2017-16831 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. | |||||
| CVE-2017-16828 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. | |||||
| CVE-2017-16832 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. | |||||
| CVE-2017-16830 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2017-15587 | 1 Artifex | 1 Mupdf | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | |||||
| CVE-2018-9498 | 1 Google | 1 Android | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 | |||||
| CVE-2017-15818 | 1 Google | 1 Android | 2018-11-12 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size. | |||||
| CVE-2018-12511 | 1 Substratum | 1 Substratum | 2018-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily. | |||||
| CVE-2018-17050 | 1 Polyai Project | 1 Polyai | 2018-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2017-15828 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow. | |||||
| CVE-2018-11886 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function. | |||||
| CVE-2017-2777 | 1 Iceni | 1 Argus | 2018-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability. | |||||
| CVE-2018-8441 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2018-11-02 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | |||||
| CVE-2017-0104 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2018-10-30 | 9.3 HIGH | 8.1 HIGH |
| The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability." | |||||
| CVE-2016-5158 | 2 Google, Opensuse | 2 Chrome, Leap | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | |||||
| CVE-2016-5152 | 2 Google, Opensuse | 2 Chrome, Leap | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | |||||
| CVE-2016-5159 | 2 Google, Opensuse | 2 Chrome, Leap | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. | |||||
| CVE-2016-2347 | 3 Debian, Lhasa Project, Opensuse | 4 Debian Linux, Lhasa, Leap and 1 more | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | |||||
| CVE-2016-3945 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. | |||||
| CVE-2018-11687 | 1 Bitcoin Red Project | 1 Bitcoin Red | 2018-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue. | |||||
| CVE-2018-14295 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2018-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF documents. When parsing shading patterns, the process does not properly validate user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6223. | |||||
| CVE-2018-14444 | 1 Libdxfrw Project | 1 Libdxfrw | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash. | |||||
| CVE-2018-11304 | 1 Google | 1 Android | 2018-09-07 | 4.6 MEDIUM | 7.8 HIGH |
| Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||||
| CVE-2018-13617 | 1 Captoz Project | 1 Captoz | 2018-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CAPTOZ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13503 | 1 South Park Token Token Project | 1 South Park Token Token | 2018-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for South Park Token Token (SPTKN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13325 | 1 Boodskap | 1 Growchain | 2018-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. | |||||
| CVE-2018-5875 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2018-13545 | 1 Hashshield Project | 1 Hashshield | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13546 | 1 Ccash Project | 1 Ccash | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13547 | 1 Pve Project | 1 Pve | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13550 | 1 Coquinhoerc20 Project | 1 Coquinhoerc20 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13551 | 1 Bgamecoin Project | 1 Bgamecoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13549 | 1 Neurotoken | 1 Neurotoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13560 | 1 Kelvintoken Project | 1 Kelvintoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13562 | 1 Bmvcoin | 1 Bmvcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13561 | 1 Eth033 Project | 1 Eth033 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13567 | 1 Sdr22 Project | 1 Sdr22 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13568 | 1 Mktcoin | 1 Mktcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13566 | 1 Retainly | 1 Retntoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13569 | 1 Yaofache | 1 Hittoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13570 | 1 Kktestcoin1 Project | 1 Kktestcoin1 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13579 | 1 Forevercoin Project | 1 Forevercoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13580 | 1 Providencecasino Project | 1 Providencecasino | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13575 | 1 Yestoken Project | 1 Yestoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13582 | 1 My2token Project | 1 My2token | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13583 | 1 Shmoo Project | 1 Shmoo | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||