Total: 12603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20304 | 1 Libexcel Project | 1 Libexcel | 2024-08-05 | N/A |
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product. | ||||
CVE-2018-20340 | 2 Debian, Yubico | 2 Debian Linux, Libu2f-host | 2024-08-05 | N/A |
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. | ||||
CVE-2018-20248 | 1 Foxitsoftware | 1 Quick Pdf Library | 2024-08-05 | N/A |
In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out-of-bounds memory access. | ||||
CVE-2018-20331 | 1 Antiy | 1 Anti Virus Lab Atool | 2024-08-05 | N/A |
Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002004 by the ssdt.sys kernel driver. The bug is caused by failure to properly validate the length of the user-supplied data. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel, which could lead to privilege escalation. A failed exploit could lead to denial of service. | ||||
CVE-2018-20182 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-08-05 | N/A |
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | ||||
CVE-2018-20176 | 1 Rdesktop | 1 Rdesktop | 2024-08-05 | N/A |
rdesktop versions up to and including v1.8.3 contain several Out-Of-Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | ||||
CVE-2018-20181 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-08-05 | N/A |
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | ||||
CVE-2018-20177 | 3 Debian, Opensuse, Rdesktop | 4 Debian Linux, Backports, Leap and 1 more | 2024-08-05 | 9.8 Critical |
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | ||||
CVE-2018-20180 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-08-05 | N/A |
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | ||||
CVE-2018-20179 | 1 Rdesktop | 1 Rdesktop | 2024-08-05 | N/A |
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. | ||||
CVE-2018-20175 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-08-05 | N/A |
rdesktop versions up to and including v1.8.3 contain several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | ||||
CVE-2018-20097 | 4 Debian, Exiv2, Fedoraproject and 1 more | 7 Debian Linux, Exiv2, Fedora and 4 more | 2024-08-05 | 6.5 Medium |
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | ||||
CVE-2018-19963 | 1 Xen | 1 Xen | 2024-08-05 | N/A |
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled. | ||||
CVE-2018-19978 | 1 Auerswald | 2 Comfortel 1200 Ip, Comfortel 1200 Ip Firmware | 2024-08-05 | N/A |
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges. | ||||
CVE-2018-19864 | 1 Nuuo | 1 Nvrmini2 Firmware | 2024-08-05 | N/A |
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. | ||||
CVE-2018-19873 | 4 Debian, Opensuse, Qt and 1 more | 4 Debian Linux, Leap, Qt and 1 more | 2024-08-05 | N/A |
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. | ||||
CVE-2018-19886 | 1 Audiocoding | 1 Freeware Advanced Audio Coder | 2024-08-05 | 5.5 Medium |
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case. | ||||
CVE-2018-19861 | 1 Minishare Project | 1 Minishare | 2024-08-05 | N/A |
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued. | ||||
CVE-2018-19792 | 1 Litespeedtech | 1 Openlitespeed | 2024-08-05 | N/A |
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function. | ||||
CVE-2018-19800 | 1 Aubio | 1 Aubio | 2024-08-05 | N/A |
aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. |