Total
1003 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4833 | 1 Siemens | 18 Rfid 181-eip, Rfid 181-eip Firmware, Ruggedcom Wimax and 15 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. | |||||
| CVE-2018-1123 | 3 Canonical, Debian, Procps-ng Project | 3 Ubuntu Linux, Debian Linux, Procps-ng | 2024-11-21 | 5.0 MEDIUM | 3.9 LOW |
| procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). | |||||
| CVE-2018-19093 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program | |||||
| CVE-2018-14653 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. | |||||
| CVE-2018-10893 | 1 Spice Project | 1 Spice | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
| Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. | |||||
| CVE-2018-10840 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
| Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. | |||||
| CVE-2016-9586 | 1 Haxx | 1 Curl | 2024-11-21 | 6.8 MEDIUM | 5.9 MEDIUM |
| curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. | |||||
| CVE-2016-9581 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 6.8 MEDIUM | 3.3 LOW |
| An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. | |||||
| CVE-2016-9580 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 6.8 MEDIUM | 3.3 LOW |
| An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. | |||||
| CVE-2016-2123 | 1 Samba | 1 Samba | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. | |||||
| CVE-2024-10204 | 2024-11-19 | N/A | 7.8 HIGH | ||
| Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. | |||||
| CVE-2024-43462 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2024-11-19 | N/A | 8.8 HIGH |
| SQL Server Native Client Remote Code Execution Vulnerability | |||||
| CVE-2024-48993 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2024-11-19 | N/A | 8.8 HIGH |
| SQL Server Native Client Remote Code Execution Vulnerability | |||||
| CVE-2024-43598 | 1 Microsoft | 1 Lightgbm | 2024-11-19 | N/A | 8.1 HIGH |
| LightGBM Remote Code Execution Vulnerability | |||||
| CVE-2024-43626 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-19 | N/A | 7.8 HIGH |
| Windows Telephony Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-43627 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 8.8 HIGH |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2024-38255 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2024-11-18 | N/A | 8.8 HIGH |
| SQL Server Native Client Remote Code Execution Vulnerability | |||||
| CVE-2024-49509 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-49508 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-49507 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||