Total
12603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-14749 | 1 Qnap | 1 Qts | 2024-08-05 | N/A |
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. | ||||
CVE-2018-14712 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-08-05 | N/A |
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. | ||||
CVE-2018-14678 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-08-05 | 7.8 High |
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. | ||||
CVE-2018-14652 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux, Enterprise Linux Server and 4 more | 2024-08-05 | 6.5 Medium |
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. | ||||
CVE-2018-14615 | 1 Linux | 1 Linux Kernel | 2024-08-05 | N/A |
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. | ||||
CVE-2018-14563 | 1 Thunlp | 1 Thulac | 2024-08-05 | N/A |
An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption. | ||||
CVE-2018-14590 | 1 Axiosys | 1 Bento4 | 2024-08-05 | N/A |
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp. | ||||
CVE-2018-14557 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-08-05 | N/A |
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow. | ||||
CVE-2018-14553 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-05 | 7.5 High |
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). | ||||
CVE-2018-14559 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-08-05 | N/A |
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. | ||||
CVE-2018-14521 | 1 Aubio | 1 Aubio | 2024-08-05 | N/A |
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc. | ||||
CVE-2018-14522 | 3 Aubio, Opensuse, Suse | 3 Aubio, Leap, Linux Enterprise | 2024-08-05 | N/A |
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. | ||||
CVE-2018-14586 | 1 Axiosys | 1 Bento4 | 2024-08-05 | N/A |
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532. | ||||
CVE-2018-14531 | 1 Axiosys | 1 Bento4 | 2024-08-05 | N/A |
An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp. | ||||
CVE-2018-14564 | 1 Thunlp | 1 Thulac | 2024-08-05 | N/A |
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h. | ||||
CVE-2018-14460 | 1 Hdfgroup | 1 Hdf5 | 2024-08-05 | N/A |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c. | ||||
CVE-2018-14443 | 1 Gnu | 1 Libredwg | 2024-08-05 | N/A |
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). | ||||
CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-08-05 | 9.8 Critical |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | ||||
CVE-2018-14320 | 1 Podofo Project | 1 Podofo | 2024-08-05 | N/A |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. | ||||
CVE-2018-14290 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-08-05 | N/A |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222. |