Total
12111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4146 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site. | |||||
| CVE-2017-5400 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
| CVE-2018-10194 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | |||||
| CVE-2018-13869 | 1 Hdfgroup | 1 Hdf5 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. | |||||
| CVE-2017-17773 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow. | |||||
| CVE-2017-15335 | 1 Huawei | 52 Dp300, Dp300 Firmware, Espace U1981 and 49 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal. | |||||
| CVE-2018-0541 | 1 Tinyftp Project | 1 Tinyftp | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors. | |||||
| CVE-2018-11100 | 1 Libming | 1 Libming | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-4998 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-4109 | 1 Apple | 3 Apple Tv, Iphone Os, Watchos | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2018-5183 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. | |||||
| CVE-2018-0608 | 1 Dena | 1 H2o | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors. | |||||
| CVE-2018-5848 | 3 Debian, Google, Redhat | 6 Debian Linux, Android, Enterprise Linux Desktop and 3 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-15355 | 1 Huawei | 14 Dp300, Dp300 Firmware, Rp200 and 11 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. | |||||
| CVE-2014-1215 | 1 Coreftp | 1 Core Ftp | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry. | |||||
| CVE-2017-14884 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg. | |||||
| CVE-2018-6851 | 1 Sophos | 3 Safeguard Easy Device Encryption Client, Safeguard Enterprise Client, Safeguard Lan Crypt Client | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. | |||||
| CVE-2018-7573 | 1 Ftpshell | 1 Ftpshell Client | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465. | |||||
| CVE-2018-12982 | 1 Podofo Project | 1 Podofo | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. | |||||
| CVE-2016-8783 | 1 Huawei | 4 Honor 6, Honor 6 Firmware, P9 Plus and 1 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege. | |||||