Search
Total
6424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11726 | 1 Libmobi Project | 1 Libmobi | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | |||||
| CVE-2018-11778 | 1 Apache | 1 Ranger | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0 | |||||
| CVE-2018-11824 | 1 Qualcomm | 20 Mdm9206, Mdm9206 Firmware, Mdm9607 and 17 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660 | |||||
| CVE-2018-11919 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure. | |||||
| CVE-2018-11929 | 1 Qualcomm | 58 Mdm9150, Mdm9150 Firmware, Mdm9206 and 55 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of input validation in WLAN function can lead to potential heap overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2018-11945 | 1 Qualcomm | 100 Mdm9150, Mdm9150 Firmware, Mdm9206 and 97 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. | |||||
| CVE-2018-12010 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region. | |||||
| CVE-2018-12085 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. | |||||
| CVE-2018-12086 | 2 Debian, Opcfoundation | 5 Debian Linux, Unified Architecture-.net-legacy, Unified Architecture-java and 2 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | |||||
| CVE-2018-12109 | 1 Flif | 1 Flif | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file. | |||||
| CVE-2018-12181 | 1 Tianocore | 1 Edk Ii | 2020-08-24 | 3.6 LOW | 6.0 MEDIUM |
| Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. | |||||
| CVE-2018-12174 | 1 Intel | 1 Parallel Studio Xe | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access. | |||||
| CVE-2019-2034 | 1 Google | 1 Android | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the NFC process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-122035770. | |||||
| CVE-2018-12293 | 3 Canonical, Webkitgtk, Wpewebkit | 3 Ubuntu Linux, Webkitgtk\+, Wpe Webkit | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. | |||||
| CVE-2018-12327 | 1 Ntp | 1 Ntp | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. | |||||
| CVE-2019-20426 | 1 Lustre | 1 Lustre | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check. | |||||
| CVE-2018-1232 | 1 Rsa | 1 Authentication Agent For Web | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation. | |||||
| CVE-2018-12393 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
| CVE-2018-12447 | 1 Libbpg Project | 1 Libbpg | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. | |||||
| CVE-2018-7487 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4. A Crafted input will lead to a denial of service or possibly unspecified other impact. | |||||
| CVE-2018-12601 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. | |||||
| CVE-2018-12578 | 1 Sam2p Project | 1 Sam2p | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. | |||||
| CVE-2018-12693 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2020-08-24 | 6.8 MEDIUM | 6.5 MEDIUM |
| Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | |||||
| CVE-2018-12785 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2019-20541 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123 (November 2019). | |||||
| CVE-2018-12788 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-12798 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2019-20556 | 3 Google, Qualcomm, Samsung | 7 Android, Sm6150, Sm8150 and 4 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019). | |||||
| CVE-2018-12813 | 1 Adobe | 1 Digital Editions | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-20566 | 1 Samsung | 1 Exynos Smp1300 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019). | |||||
| CVE-2018-12814 | 1 Adobe | 1 Digital Editions | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-7359 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-12823 | 1 Adobe | 1 Digital Editions | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12830 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12832 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12833 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-20601 | 2 Google, Samsung | 6 Android, Exynos 7570, Exynos 7580 and 3 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019). | |||||
| CVE-2018-12836 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12837 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12846 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12847 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12851 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12889 | 1 Ccn-lite | 1 Ccn-lite | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c. | |||||
| CVE-2018-12932 | 1 Winehq | 1 Wine | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value. | |||||
| CVE-2018-13030 | 1 Jpeg-compressor Project | 1 Jpeg Compressor | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-13037 | 1 Jpeg-compressor Project | 1 Jpeg Compressor | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-6913 | 3 Canonical, Debian, Perl | 3 Ubuntu Linux, Debian Linux, Perl | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | |||||
| CVE-2018-13095 | 1 Linux | 1 Linux Kernel | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. | |||||
| CVE-2018-13139 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. | |||||
| CVE-2018-13833 | 1 Cmft Project | 1 Cmft | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact. | |||||