Total
6831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20314 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20313 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20312 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | |||||
| CVE-2018-20311 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20310 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20309 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20253 | 1 Rarlab | 1 Winrar | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-20252 | 1 Rarlab | 1 Winrar | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-20247 | 1 Foxitsoftware | 1 Quick Pdf Library | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow. | |||||
| CVE-2018-20230 | 1 Gnu | 1 Pspp | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-20197 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case. | |||||
| CVE-2018-20196 | 2 Audiocoding, Debian | 2 Freeware Advanced Audio Decoder 2, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled. | |||||
| CVE-2018-20194 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case. | |||||
| CVE-2018-20004 | 3 Debian, Fedoraproject, Mini-xml Project | 3 Debian Linux, Fedora, Mini-xml | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. | |||||
| CVE-2018-1936 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316. | |||||
| CVE-2018-1897 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462. | |||||
| CVE-2018-1459 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210. | |||||
| CVE-2018-1232 | 1 Rsa | 1 Authentication Agent For Web | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation. | |||||
| CVE-2018-1176 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5442. | |||||
| CVE-2018-1171 | 2 Joyent, Oracle | 2 Smartos, Solaris | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106. | |||||