Search
Total
3972 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9264 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. | |||||
| CVE-2018-8905 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | |||||
| CVE-2018-12086 | 2 Debian, Opcfoundation | 5 Debian Linux, Unified Architecture-.net-legacy, Unified Architecture-java and 2 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | |||||
| CVE-2018-12109 | 1 Flif | 1 Flif | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file. | |||||
| CVE-2018-12085 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. | |||||
| CVE-2018-8643 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | |||||
| CVE-2018-8629 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624. | |||||
| CVE-2018-8624 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629. | |||||
| CVE-2018-12010 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region. | |||||
| CVE-2018-8618 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8624, CVE-2018-8629. | |||||
| CVE-2018-8617 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629. | |||||
| CVE-2018-8588 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557. | |||||
| CVE-2018-8583 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629. | |||||
| CVE-2018-11929 | 1 Qualcomm | 58 Mdm9150, Mdm9150 Firmware, Mdm9206 and 55 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2018-8557 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8588. | |||||
| CVE-2018-8556 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8557, CVE-2018-8588. | |||||
| CVE-2018-11919 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure. | |||||
| CVE-2018-8555 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | |||||
| CVE-2018-8551 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | |||||
| CVE-2018-8543 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | |||||
| CVE-2018-8542 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | |||||
| CVE-2018-8541 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | |||||
| CVE-2018-8531 | 1 Microsoft | 2 Azure Internet Of Things Edge, Csharp Software Development Kit | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge. | |||||
| CVE-2018-8513 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511. | |||||
| CVE-2018-11824 | 1 Qualcomm | 20 Mdm9206, Mdm9206 Firmware, Mdm9607 and 17 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660 | |||||
| CVE-2018-8511 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513. | |||||
| CVE-2018-11778 | 1 Apache | 1 Ranger | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0 | |||||
| CVE-2018-8510 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513. | |||||
| CVE-2019-9956 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. | |||||
| CVE-2018-8509 | 1 Microsoft | 2 Edge, Windows 10 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473. | |||||
| CVE-2019-9928 | 3 Canonical, Debian, Gstreamer Project | 3 Ubuntu Linux, Debian Linux, Gstreamer | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. | |||||
| CVE-2018-8505 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | |||||
| CVE-2018-8503 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | |||||
| CVE-2019-9766 | 1 Cleanersoft | 1 Free Mp3 Cd Ripper | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file. | |||||
| CVE-2018-8491 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460. | |||||
| CVE-2018-11726 | 1 Libmobi Project | 1 Libmobi | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | |||||
| CVE-2019-9729 | 1 Shanda | 1 Maplestory Online | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow. | |||||
| CVE-2018-8473 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509. | |||||
| CVE-2018-8467 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466. | |||||
| CVE-2018-8466 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467. | |||||
| CVE-2019-9469 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In km_compute_shared_hmac of km4.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-130246677 | |||||
| CVE-2018-8465 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467. | |||||
| CVE-2018-8461 | 1 Microsoft | 2 Internet Explorer, Windows 10 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447. | |||||
| CVE-2018-11685 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. | |||||
| CVE-2018-8460 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491. | |||||
| CVE-2018-8459 | 1 Microsoft | 3 Chakracore, Edge, Windows 10 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457. | |||||
| CVE-2018-8457 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459. | |||||
| CVE-2019-9357 | 1 Google | 1 Android | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662995 | |||||
| CVE-2018-11684 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. | |||||
| CVE-2018-8456 | 1 Microsoft | 3 Chakracore, Edge, Windows 10 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8457, CVE-2018-8459. | |||||