Total
12110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4393 | 1 Apple | 1 Mac Os X | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-16595 | 1 Sony | 105 Kd-43xe7000, Kd-43xe7002, Kd-43xe7003 and 102 more | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow. | |||||
| CVE-2018-1992 | 1 Ibm | 22 Power System Ac922 \(8335-gtg\), Power System Ac922 \(8335-gtg\) Firmware, Power System Ac922 \(8335-gth\) and 19 more | 2024-02-04 | 6.9 MEDIUM | 6.4 MEDIUM |
| The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345. | |||||
| CVE-2017-10723 | 1 Ishekar | 2 Endoscope Camera, Endoscope Camera Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: "SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]. This request is handled by "control_Dev_thread" function which at address "0x00409AE0" compares the incoming request and determines if the 10th byte is 01 and if it is then it redirects to 0x0040A74C which calls the function "setwifiname". The function "setwifiname" uses a memcpy function but uses the length of the payload obtained by using strlen function as the third parameter which is the number of bytes to copy and this allows an attacker to overflow the function and control the $PC value. | |||||
| CVE-2019-13243 | 1 Irfanview | 1 Irfanview | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. | |||||
| CVE-2017-14854 | 1 Orpak | 1 Siteomat | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25. | |||||
| CVE-2019-9966 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. | |||||
| CVE-2018-4372 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | |||||
| CVE-2018-4332 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2019-12899 | 1 Deltaww | 1 Devicenet Builder | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3. | |||||
| CVE-2018-1923 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859. | |||||
| CVE-2019-13452 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. | |||||
| CVE-2019-1010292 | 1 Linaro | 1 Op-tee | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. | |||||
| CVE-2019-9962 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | |||||
| CVE-2019-9814 | 1 Mozilla | 1 Firefox | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67. | |||||
| CVE-2018-4382 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | |||||
| CVE-2019-13252 | 1 Acdsee | 1 Acdsee | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0. | |||||
| CVE-2019-8045 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2018-4383 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2019-0170 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||